[Mono-list] Mono.Unix.Native.Syscall.readlink memory corruption

Jonathan Pryor jonpryor at vt.edu
Tue Mar 14 18:38:37 EST 2006


On Tue, 2006-03-14 at 17:37 -0500, Gonzalo Paniagua Javier wrote:
> On Tue, 2006-03-14 at 17:00 -0500, Jonathan Pryor wrote:
> > I may be missing something, but I'm missing how this actually fixes the
> > corruption problem.
> 
> The corruption comes from the sb->str MonoString not being
> null-terminated when the capacity is less than the number of items
> resulting from g_utf8_to_utf16.

Which is why I'm confused.  It seems that mono_string_utf8_to_builder is
invoked to copy the internally-allocated unmanaged buffer into an
existing StringBuilder instance.

So if g_utf8_to_utf16 converts more characters than the capacity of the
StringBuilder, wouldn't that imply that the internal buffer was
overflowed?

Which is why I don't see why null-terminating the input string actually
helps...

 - Jon
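The readlink(2) property underlying this thread, as an added example that is not part of the original post or of Mono's code: readlink does not NUL-terminate the bytes it writes, so a binding that hands the result to a string-building routine must bound the read to the caller's capacity, terminate explicitly, and report truncation when the target fills the buffer. The helper names (safe_readlink, demo) and the link target are constructed for the example.

```c
/* Added example (not Mono's code): a bounded readlink wrapper that always
 * NUL-terminates and flags truncation. readlink(2) itself writes no
 * terminator, which is the gap a caller copying the buffer as a C string
 * would otherwise fall into. Helper names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Reads the target of `path` into `buf` (capacity `cap` bytes, terminator
 * included). Returns the target length on success, -1 on error (errno set),
 * and -2 when the target did not fit; buf is NUL-terminated in both of the
 * non-error cases. */
int safe_readlink(const char *path, char *buf, size_t cap)
{
    if (cap == 0) { errno = EINVAL; return -1; }
    /* Offer one byte less than the capacity so the NUL we add fits. */
    ssize_t n = readlink(path, buf, cap - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    /* If readlink filled every byte offered, the target may be longer than
     * what we received: report truncation rather than guessing. */
    if ((size_t)n == cap - 1) return -2;
    return (int)n;
}

/* Self-contained check: create a symlink with a constructed target in the
 * current directory, read it back with a large and a small buffer, clean up.
 * Returns 0 when both cases behave as documented above. */
int demo(void)
{
    const char *link = "safe_readlink_demo.lnk";
    const char *target = "constructed/target/path"; /* 23 bytes */
    char big[64], small[8];
    unlink(link);
    if (symlink(target, link) != 0) return -1;
    int n_big = safe_readlink(link, big, sizeof big);
    int n_small = safe_readlink(link, small, sizeof small);
    unlink(link);
    if (n_big != (int)strlen(target) || strcmp(big, target) != 0) return 1;
    /* Small buffer: truncated, but still a valid 7-character C string. */
    if (n_small != -2 || strlen(small) != sizeof small - 1) return 2;
    return 0;
}

int main(void)
{
    printf("demo result: %d\n", demo()); /* prints "demo result: 0" */
    return 0;
}
```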