[Mono-list] Mono.Unix.Native.Syscall.readlink memory corruption
Jonathan Pryor
jonpryor at vt.edu
Tue Mar 14 18:38:37 EST 2006
On Tue, 2006-03-14 at 17:37 -0500, Gonzalo Paniagua Javier wrote:
> On Tue, 2006-03-14 at 17:00 -0500, Jonathan Pryor wrote:
> > I may be missing something, but I'm missing how this actually fixes the
> > corruption problem.
>
> The corruption comes from the sb->str MonoString not being
> null-terminated when the capacity is less than the number of items
> resulting from g_utf8_to_utf16.
Which is why I'm confused. It seems that mono_string_utf8_to_builder is
invoked to copy the internally-allocated unmanaged buffer into an
existing StringBuilder instance.
So if g_utf8_to_utf16 converts more characters than the capacity of the
StringBuilder, wouldn't that imply that the internal buffer was
overflowed?
Which is why I don't see why null-terminating the input string actually
helps...
- Jon
More information about the Mono-list
mailing list