Fix heap corruption from wmode out-of-bound writes on windows (#6272)

* would throw error on VS2022 on GGML_FREE(wmode)
* wchar_t is usually 2 bytes, but malloc wants bytes
  * therefore `*wmode_p++ = (wchar_t)*mode;` could write off the end of the allocation
* Fixes error possibly introduced by https://github.com/ggerganov/llama.cpp/pull/6248
This commit is contained in:
Rick G 2024-03-24 14:45:56 -07:00 committed by GitHub
parent a0e584defd
commit a32b77c4b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

2
ggml.c
View File

@ -465,7 +465,7 @@ FILE * ggml_fopen(const char * fname, const char * mode) {
wchar_t * wfname = ggml_mbstowcs(fname); wchar_t * wfname = ggml_mbstowcs(fname);
if (wfname) { if (wfname) {
// convert mode (ANSI) // convert mode (ANSI)
wchar_t * wmode = GGML_MALLOC(strlen(mode) + 1); wchar_t * wmode = GGML_MALLOC((strlen(mode) + 1) * sizeof(wchar_t));
wchar_t * wmode_p = wmode; wchar_t * wmode_p = wmode;
do { do {
*wmode_p++ = (wchar_t)*mode; *wmode_p++ = (wchar_t)*mode;