Skip to content

Commit

Permalink
Fix heap corruption from wmode out-of-bound writes on windows (ggerga…
Browse files Browse the repository at this point in the history
…nov#6272)

* would throw error on VS2022 on GGML_FREE(wmode)
* wchar_t is usually 2 bytes, but malloc wants bytes
  * therefore `*wmode_p++ = (wchar_t)*mode;` could write off the end of the allocation
* Fixes error possibly introduced by ggerganov#6248
  • Loading branch information
TheFlipbook authored Mar 24, 2024
1 parent a0e584d commit a32b77c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ggml.c
Original file line number Diff line number Diff line change
Expand Up @@ -465,7 +465,7 @@ FILE * ggml_fopen(const char * fname, const char * mode) {
wchar_t * wfname = ggml_mbstowcs(fname);
if (wfname) {
// convert mode (ANSI)
wchar_t * wmode = GGML_MALLOC(strlen(mode) + 1);
wchar_t * wmode = GGML_MALLOC((strlen(mode) + 1) * sizeof(wchar_t));
wchar_t * wmode_p = wmode;
do {
*wmode_p++ = (wchar_t)*mode;
Expand Down

0 comments on commit a32b77c

Please sign in to comment.