This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

A bug in CYGWIN exec() and revision of argument values


I stumbled across yet another problem (or two), now in CYGWIN exec() implementation,
which is demonstrated by the test case.

1. Using CMD.EXE as a command with the "/C" switch (note the capital letter
   just as Windows documents this switch for CMD.EXE) does not trigger the special
   handing in cygwin/, because of this case-sensitive comparison with
   the lowercase 'c' (around line 392):

  if (ac == 3 && argv[1][0] == '/' && argv[1][1] == 'c' &&
      (iscmd (argv[0], "") || iscmd (argv[0], "cmd.exe")))

   It's interesting that the iscmd() calls that follow, do treat "" or
   "cmd.exe" case-insensitively.  So I guess, tolower() is in order for the 'c'

2. Due to the bug in 1., the flow control in the "else" clause then reveals the
   following problem:  if a single backslash was given in the command, it would
   be doubled.

   To prove this, consider executing the program like this:

   ./a 'C:\Windows\System32\CMD.EXE' '/C' 'ECHO C:\'

   You'll see:

   About to exec(C:\Windows\System32\cmd.exe /C ECHO C:\)

   Try it with small '/c' to see the difference and bypass the bug.

   strace confirms the argument modification:

21508   36588 [main] a 7132 child_info_spawn::worker: pid 7132, prog_arg C:\Windows\System32\CMD.EXE, cmd line C:\Windows\System32\CMD.EXE /C "ECHO C:\\")

   Implementation of linebuf::fromargv (file suggests that the observed
   doubling of a backslash occurs only if the backslash is the last character in the
   argument (which is also to contain spaces or quotes), so it won't accidentally glue
   to the enveloping quote character, which is injected by CYGWIN when forming the
   command line.

   Indeed, this works (try it without the space to see what I initially saw in
   my application and that prompted all the above analysis):

   ./a 'C:\Windows\System32\CMD.EXE' '/C' 'DIR C:\ '

   Any insight will be much appreciated.


Anton Lavrentiev
Contractor NIH/NLM/NCBI

#include <errno.h>
#include <stdio.h>
#include <unistd.h>

int main(int argc, char* argv[])
   printf("About to exec(%s %s %s)\n", argv[1], argv[2], argv[3]);

   execvp(argv[1], &argv[1]);

   fprintf(stderr, "Exec failed, error = %d\n", errno);
   return 0;

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]