cygwin_create_path causes null pointer crashes

Thomas Wolff
Mon Dec 12 19:28:00 GMT 2016

Hi Corinna,

On 11.12.2016 at 12:08, Corinna Vinschen wrote:
> Hi Thomas,
> On Dec 10 03:03, Thomas Wolff wrote:
>> cygwin_create_path is supposed to call malloc itself,
>> however, it occasionally returns with null and errno == ENOSPC,
>> if it's provided with a network path, e.g.
>> cygwin_create_path(CCP_POSIX_TO_WIN_W, "/cygdrive/s/.config/mintty")
>> returns null in ~ 3 of 1000 cases, where /cygdrive/s exists but
>> /cygdrive/s/.config does not
> Did you try to debug and fix the issue?  This is the developer's mailing
> list after all...
I can contribute some initial analysis:
Cloning cygwin_create_path from cygwin/ with these essentials:
   ssize_t size = cygwin_conv_path (what, from, NULL, 0);
   // checking size, calling malloc
   if (cygwin_conv_path (what, from, to, size) == -1)
there are actually two different errors happening, with example path 
1. the first call (for size determination) returns 44 but the second 
call returns the correct result "S:\.config\mintty".
2. the first call returns 36 but the second call (provided with a larger 
size value patched into the function) returns "S:\.config\mintty.lnk" 
(which needs 44 bytes); this is obviously the call that would return 
null if not patched with a faked buffer size

Another observation, by the slowness of the calls, is that apparently 
the drive is actually accessed during the path conversion, which I 
wouldn't have expected from a plain path conversion function.

The underlying function cygwin_conv_path looks a bit complicated for a 
straight-forward analysis to me...
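
Added example, not part of the original message and not Cygwin code: a caller-side pattern for a size-then-fill conversion API whose answer can change between the size query and the fill call, as in case 2 above. `fake_conv_path` and `create_path_retry` are hypothetical names; the stand-in converter uses narrow strings of 18 and 22 bytes, which correspond to the 36 and 44 bytes reported for the wide-character results.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for a size-then-fill converter. Every call
   re-resolves the path, so the first call sees the plain name and all
   later calls see the ".lnk" name. Hypothetical, not Cygwin code. */
static const char *fake_results[] = {
    "S:\\.config\\mintty",      /* 18 bytes with NUL */
    "S:\\.config\\mintty.lnk",  /* 22 bytes with NUL */
};
static int fake_call;

static ssize_t fake_conv_path(const char *from, char *to, size_t size)
{
    (void)from;
    const char *r = fake_results[fake_call++ == 0 ? 0 : 1];
    size_t need = strlen(r) + 1;
    if (size == 0)
        return (ssize_t)need;   /* size query */
    if (size < need) {
        errno = ENOSPC;         /* buffer was sized from a stale answer */
        return -1;
    }
    memcpy(to, r, need);
    return 0;
}

/* Query, allocate, convert. On ENOSPC, repeat the size query instead
   of returning NULL at once. The caller must still check for NULL. */
char *create_path_retry(const char *from, int max_tries)
{
    for (int i = 0; i < max_tries; i++) {
        ssize_t size = fake_conv_path(from, NULL, 0);
        if (size <= 0)
            return NULL;
        char *to = malloc((size_t)size);
        if (to == NULL)
            return NULL;
        if (fake_conv_path(from, to, (size_t)size) == 0)
            return to;
        free(to);
        if (errno != ENOSPC)
            return NULL;
    }
    errno = ENOSPC;             /* the answer kept changing; give up */
    return NULL;
}
```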

