iirfStatus fails intermittently

description

Looks like a memory corruption bug. This is in v.latest.
 
Inspecting the code, I found in rewriter.c, within FormatUserAndGroups(), this stanza:
 
        else if (nameUse == SidTypeUser){
            if (j == 1) {
                *userName = malloc(strlen(grpName) + strlen(domainName) + 3);
                *userName[0] = '\0'; // initialize to the empty string
                // totalSizeNeeded is the bound for a different buffer, not for
                // the allocation made two lines above
                strcat_s(*userName, totalSizeNeeded, domainName);
                strcat_s(*userName, totalSizeNeeded, "\\");
                strcat_s(*userName, totalSizeNeeded, grpName);
            }
        }
This is incorrect. The totalSizeNeeded is appropriate for a differently allocated string. The proposed fix is to do this:
 
        else if (nameUse == SidTypeUser) {
            // During pass 0, we don't need to accumulate a size for
            // the user name because there is only one user name.
            // So, only for pass 1, allocate and format the string.
            if (j == 1) {
                // domain + '\\' + group + NUL (the +3 leaves one spare byte);
                // the same L is handed to every strcat_s, so the bound always
                // describes this allocation and no other.
                size_t L = strlen(domainName) + strlen(grpName) + 3;
                *userName = malloc(sizeof(char) * L);
                if (*userName != NULL) {   // malloc can fail; never strcat_s into NULL
                    (*userName)[0] = '\0'; // initialize to the empty string
                    strcat_s(*userName, L, domainName);
                    strcat_s(*userName, L, "\\");
                    strcat_s(*userName, L, grpName);
                }
            }
        }
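
As an added, stand-alone illustration of the pattern the fix establishes (this is example code written for this page, not IIRF's own source and not part of the issue text): the capacity used for the allocation and the capacity passed to every bounded append come from one variable, so the two can never drift apart the way malloc's size and totalSizeNeeded did above. The function names format_user_name, safe_append, check_user_name and undersized_bound_is_refused are assumptions made for the example; safe_append is a portable stand-in for strcat_s that refuses an append that would not fit instead of writing past the buffer, which is the behaviour a correct bound buys you.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded append, a portable stand-in for strcat_s (hypothetical helper).
 * dstCap must be the real capacity of dst.  Returns 1 on success, 0 with
 * dst untouched if the append would not fit: a refusal, not a heap overflow. */
static int safe_append(char *dst, size_t dstCap, const char *src)
{
    size_t used = strlen(dst);
    size_t need = strlen(src);
    if (dstCap == 0 || used >= dstCap || need >= dstCap - used)
        return 0;
    memcpy(dst + used, src, need + 1);   /* +1 copies the terminating NUL */
    return 1;
}

/* Builds "DOMAIN\group" in a freshly malloc'd buffer.  The single variable L
 * feeds both malloc and every bounded append, so the bound handed to an
 * append can never describe some other allocation. */
char *format_user_name(const char *domainName, const char *grpName)
{
    size_t L = strlen(domainName) + 1 + strlen(grpName) + 1; /* domain + '\\' + group + NUL */
    char *userName = malloc(L);
    if (userName == NULL)
        return NULL;                      /* malloc can fail; never append into NULL */
    userName[0] = '\0';
    if (!safe_append(userName, L, domainName) ||
        !safe_append(userName, L, "\\") ||
        !safe_append(userName, L, grpName)) {
        free(userName);                   /* unreachable with L computed above, kept for honesty */
        return NULL;
    }
    return userName;
}

/* Formats, compares with the expected string, frees; 1 if they match. */
int check_user_name(const char *domainName, const char *grpName, const char *expected)
{
    char *s = format_user_name(domainName, grpName);
    int ok = (s != NULL) && strcmp(s, expected) == 0;
    free(s);
    return ok;
}

/* The defect from the other direction: a bound that is too small for the
 * data.  A checked append must refuse and leave the buffer unchanged rather
 * than write past its end.  Returns 1 if that refusal happened. */
int undersized_bound_is_refused(void)
{
    char buf[8] = "CONTOSO";              /* constructed sample: 7 chars + NUL, exactly full */
    int accepted = safe_append(buf, sizeof buf, "\\alice");
    return accepted == 0 && strcmp(buf, "CONTOSO") == 0;
}

int main(void)
{
    /* constructed sample input, not taken from any real server */
    char *s = format_user_name("CONTOSO", "alice");
    printf("%s\n", s ? s : "(alloc failed)");
    free(s);
    printf("undersized bound refused: %d\n", undersized_bound_is_refused());
    return 0;
}
```

The point to carry over into a code review is the one the issue makes: whenever a "secure" string function takes a destination size, trace that size back to the allocation it is supposed to describe. A bound copied from a nearby variable that happens to be the right type silently turns strcat_s back into strcat.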

comments

Cheeso wrote Mar 12, 2012 at 7:19 PM

Fixed in changeset 96709.