msel-source / meflib

Multiscale Electrophysiology Format library

Incrementing NULL pointer in generate_file_list (Mac/Linux and Windows) causes crash #12

Closed MaxvandenBoom closed 4 years ago

MaxvandenBoom commented 4 years ago

Hi Dan and Jan,

This bug occurs when you load any session/channel/segment directory that has a file or subdirectory without an extension, causing a crash in Mac/Linux and Windows. It will likely manifest when you accidentally point any of the meflib read functions to a wrong but existing directory with contents.

The cause lies in the 'generate_file_list' function. In Windows, the following line checks for a dot character in the filename:

ext = strrchr((si1 *) fdFile.cFileName, '.') + 1;

The 'strrchr' call returns NULL on files/subdirectories without a dot (extension). In these cases, the NULL pointer will be incremented, which later on causes a crash. In the Mac/Linux code something similar happens:

ext = strrchr(contents_list[n]->d_name, '.');
if (strlen(ext) != 1)
    ext += 1;

Just a check on length, not for NULL, causes an increment and crash later.

It is easily solved by updating both occurrences in the Windows block (around line 4029 and 4047) to:

ext = strrchr((si1 *) fdFile.cFileName, '.');
if (ext != NULL && strlen(ext) != 1)
    ext++;

and both occurrences in the Mac/Linux block (around line 4143 and 4159) to:

ext = strrchr(contents_list[n]->d_name, '.');
if (ext != NULL && strlen(ext) != 1)
    ext++;

I hope this helps others
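Added example, not part of the original issue or of meflib's own code: a stand-alone extension lookup that never does arithmetic on a NULL `strrchr()` result, run over a constructed directory listing that includes the extensionless entries described above. The helper names `safe_ext` and `count_with_ext` and the sample file names are hypothetical; unlike the fix quoted in the issue, this helper also reports a trailing-dot name as having no extension.

```c
#include <stddef.h>
#include <string.h>

/* Return the text after the last '.', or NULL when the name has no dot
 * or ends in one. The strrchr() result is checked before it is used. */
static const char *safe_ext(const char *name)
{
    const char *dot;

    if (name == NULL)
        return NULL;
    dot = strrchr(name, '.');
    if (dot == NULL || dot[1] == '\0')
        return NULL;
    return dot + 1;
}

/* Count entries whose extension equals `wanted`. Entries without a usable
 * extension are skipped instead of being handed to strcmp() as NULL. */
static int count_with_ext(const char *const *names, size_t n, const char *wanted)
{
    int hits = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        const char *ext = safe_ext(names[i]);
        if (ext != NULL && strcmp(ext, wanted) == 0)
            hits++;
    }
    return hits;
}

/* Constructed listing (sample names only): two entries have no dot at all,
 * one ends in a dot, one is a dotfile. */
static const char *const sample_dir[] = {
    "chan_a.timd", "chan_b.timd", "README", "notes",
    "broken.", ".DS_Store", "video.vidd"
};
#define SAMPLE_N (sizeof sample_dir / sizeof sample_dir[0])

int main(void)
{
    /* Exit status 0 when the two "timd" entries are found without a crash. */
    return count_with_ext(sample_dir, SAMPLE_N, "timd") == 2 ? 0 : 1;
}
```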

cimbi commented 4 years ago

Great Max, thanks. I'll take a look at the PR this weekend and will create a new pymef version.

cimbi commented 4 years ago

Resolved by #10