The validation logic in memcpy_s() and memmove_s()
(third_party/minicrt/memory.cc) is incorrect. A patch is attached below.
As far as Omaha is concerned, the bug manifests itself in opt-win builds
(which are linked against minicrt). E.g., when the meta installer from an
opt-win build is run, it will terminate with no user-visible error.
memcpy_s() is used by CString, which is used by the meta installer to
construct path strings. These path strings will fail to be initialized
properly due to this bug, resulting in the abnormal termination.
(Possibly related to issue 19).
Patch included inline (also attached):
Index: memory.cc
===================================================================
--- memory.cc (revision 104)
+++ memory.cc (working copy)
@@ -74,9 +74,9 @@
return 0;
}
- if (dst != NULL) return EINVAL;
- if (src != NULL) return EINVAL;
- if (size_in_bytes >= count) return ERANGE;
+ if (dst == NULL) return EINVAL;
+ if (src == NULL) return EINVAL;
+ if (size_in_bytes < count) return ERANGE;
memmove(dst, src, count);
return 0;
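Review bot: The three corrected checks ahead of memmove(dst, src, count) come with no test, and the boundary moved with them: `size_in_bytes < count` now accepts size_in_bytes == count, which the old `>=` comparison rejected. Add unit tests for NULL dst, NULL src, count equal to size_in_bytes and count one larger than size_in_bytes, so that an inverted comparison fails a test instead of surfacing as a silent installer exit. The same three lines are repeated verbatim in the next hunk; a shared validation helper would keep the two functions from drifting apart.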
@@ -90,9 +90,9 @@
return 0;
}
- if (dst != NULL) return EINVAL;
- if (src != NULL) return EINVAL;
- if (size_in_bytes >= count) return ERANGE;
+ if (dst == NULL) return EINVAL;
+ if (src == NULL) return EINVAL;
+ if (size_in_bytes < count) return ERANGE;
memcpy(dst, src, count);
return 0;
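Review bot: The `src == NULL` and `size_in_bytes < count` paths ahead of memcpy(dst, src, count) return with dst untouched, whereas the Microsoft CRT memcpy_s zeroes the first size_in_bytes bytes of dst in those two cases before returning EINVAL or ERANGE. A caller that does not check the return value would then read whatever was already in the buffer. If minicrt is meant to be a drop-in replacement, consider a memset(dst, 0, size_in_bytes) on those two paths (after the dst == NULL check), or note the difference in a comment.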
Original issue reported on code.google.com by asa...@gmail.com on 10 May 2010 at 8:48