diff options
| author | David McFarland <corngood@gmail.com> | 2018-10-28 22:22:44 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2018-10-29 12:08:53 +0300 |
| commit | af85fdd73f6ac87e02ee2872e415e7e89d7111f4 (patch) | |
| tree | 4e730a7f4cac6d96f74a9bc53eed37eebd2273d4 | |
| parent | 08eab6396f678cf5e5968acaed0bae9fd129983b (diff) | |
Cygwin: Fix cygheap corruption caused by cloned atomic buffer
The fhandler_base_overlapped::copyto clears atomic_write_buf on the
clone, but none of the derived classes were doing this. This allowed
the destructor to double-free the buffer and corrupt cygheap.
Clear atomic_write_buf in copyto of all derived classes.
| -rw-r--r-- | winsup/cygwin/fhandler.h | 2 | ||||
| -rw-r--r-- | winsup/cygwin/release/2.11.2 | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/winsup/cygwin/fhandler.h b/winsup/cygwin/fhandler.h index 2cc99d713..9e63867ab 100644 --- a/winsup/cygwin/fhandler.h +++ b/winsup/cygwin/fhandler.h @@ -1216,6 +1216,7 @@ public: { x->pc.free_strings (); *reinterpret_cast<fhandler_pipe *> (x) = *this; + reinterpret_cast<fhandler_pipe *> (x)->atomic_write_buf = NULL; x->reset (this); } @@ -1256,6 +1257,7 @@ public: { x->pc.free_strings (); *reinterpret_cast<fhandler_fifo *> (x) = *this; + reinterpret_cast<fhandler_fifo *> (x)->atomic_write_buf = NULL; x->reset (this); } diff --git a/winsup/cygwin/release/2.11.2 b/winsup/cygwin/release/2.11.2 index c8d81d45b..b9ccc5c67 100644 --- a/winsup/cygwin/release/2.11.2 +++ b/winsup/cygwin/release/2.11.2 @@ -11,3 +11,6 @@ Bug Fixes - Return ESPIPE rather than EINVAL from lseek on a fifo. Addresses: https://cygwin.com/ml/cygwin/2018-10/msg00019.html + +- Fix a memory corruption when using pipes or FIFOs + Addresses: https://cygwin.com/ml/cygwin-patches/2018-q4/msg00000.html |