This is the mail archive of the
mailing list for the Cygwin project.
A bug in CYGWIN exec() and revision of argument values
- From: "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr at ncbi dot nlm dot nih dot gov>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Thu, 29 Nov 2012 22:28:59 +0000
- Subject: A bug in CYGWIN exec() and revision of argument values
I stumbled across yet another problem (or two), now in CYGWIN exec() implementation,
which is demonstrated by the test case.
1. Using CMD.EXE as a command with the "/C" switch (note the capital letter
just as Windows documents this switch for CMD.EXE) does not trigger the special
handing in cygwin/spawn.cc, because of this case-sensitive comparison with
the lowercase 'c' (around line 392):
if (ac == 3 && argv == '/' && argv == 'c' &&
(iscmd (argv, "command.com") || iscmd (argv, "cmd.exe")))
It's interesting that the iscmd() calls that follow, do treat "command.com" or
"cmd.exe" case-insensitively. So I guess, tolower() is in order for the 'c'
2. Due to the bug in 1., the flow control in the "else" clause then reveals the
following problem: if a single backslash was given in the command, it would
To prove this, consider executing the program like this:
./a 'C:\Windows\System32\CMD.EXE' '/C' 'ECHO C:\'
About to exec(C:\Windows\System32\cmd.exe /C ECHO C:\)
Try it with small '/c' to see the difference and bypass the bug.
strace confirms the argument modification:
21508 36588 [main] a 7132 child_info_spawn::worker: pid 7132, prog_arg C:\Windows\System32\CMD.EXE, cmd line C:\Windows\System32\CMD.EXE /C "ECHO C:\\")
Implementation of linebuf::fromargv (file winf.cc) suggests that the observed
doubling of a backslash occurs only if the backslash is the last character in the
argument (which is also to contain spaces or quotes), so it won't accidentally glue
to the enveloping quote character, which is injected by CYGWIN when forming the
Indeed, this works (try it without the space to see what I initially saw in
my application and that prompted all the above analysis):
./a 'C:\Windows\System32\CMD.EXE' '/C' 'DIR C:\ '
Any insight will be much appreciated.
int main(int argc, char* argv)
printf("About to exec(%s %s %s)\n", argv, argv, argv);
fprintf(stderr, "Exec failed, error = %d\n", errno);
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple