NSFileManager reads past end of memory

Originator: tim.murison
Number: rdar://6636446
Date Originated: 02/03/2009
Status: Fixed
Resolved: Duplicate 5961223
Product: Mac OS X
Product Version: 10.5.6
Classification: Crash/Hang/Data Loss
Reproducible: Always
 
I noticed an issue in my code related to NSFileManager. When running my program with gmalloc, I got a seg fault. It seems NSFileManager is reading past the end of an allocation. I wrote a simple reproducible sample program to illustrate the issue.

'DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib ./main' will crash.

#import <Cocoa/Cocoa.h>

int main(int argc, char **argv)
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSFileManager *manager = [NSFileManager defaultManager];
    NSString *path = @"/Applications";
    // Walk /Applications recursively; the enumerator yields paths relative to `path`.
    NSDirectoryEnumerator *enumerator = [manager enumeratorAtPath:path];

    for (id fileName in enumerator) {
        // Per-iteration pool so each attribute dictionary is released promptly.
        NSAutoreleasePool *loopPool = [[NSAutoreleasePool alloc] init];
        NSString *file = [path stringByAppendingPathComponent:fileName];
        // The attributes are never used; the call alone is enough to trigger the
        // over-read under libgmalloc. (fileAttributesAtPath:traverseLink: is the
        // pre-10.5 API; attributesOfItemAtPath:error: is its replacement.)
        NSDictionary *attrs = [manager fileAttributesAtPath:file traverseLink:YES];

        [loopPool drain];
    }

    [pool drain];
    return 0;
}
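The crash shows up only under libgmalloc because guard malloc places each allocation at the end of a page and maps an inaccessible guard page directly after it, so a read one byte past the end faults immediately instead of silently returning neighbouring heap bytes. The C program below is an added illustration of that mechanism (it is not part of this radar and not Apple's libgmalloc), built from mmap/mprotect on any POSIX system; guard_alloc and probe_read are names chosen here.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
static sigjmp_buf fault_env;
/* Fault handler: return to the probe instead of letting the process die. */
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* Put `size` bytes at the very end of a page, followed by a PROT_NONE guard
 * page, the way libgmalloc lays out allocations by default. */
static char *guard_alloc(size_t size, void **base, size_t *map_len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (size + page - 1) / page;      /* pages holding the data */
    *map_len = (data + 1) * page;                /* plus one guard page */
    *base = mmap(NULL, *map_len, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (*base == MAP_FAILED) return NULL;
    /* Touching the guard page now raises SIGSEGV (SIGBUS on some systems). */
    if (mprotect((char *)*base + data * page, page, PROT_NONE) != 0) {
        munmap(*base, *map_len); return NULL;
    }
    return (char *)*base + data * page - size;
}
/* Read buf[index] from a guarded allocation of `alloc_size` bytes.
 * Returns 1 if the read hit the guard page (over-read caught), 0 if it was
 * in bounds, -1 if the mapping could not be set up. */
static int probe_read(size_t alloc_size, size_t index) {
    void *base; size_t map_len;
    char *buf = guard_alloc(alloc_size, &base, &map_len);
    if (!buf) return -1;
    memset(buf, 'A', alloc_size);                /* constructed sample content */
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    volatile char sink;                 /* volatile: the load must really happen */
    int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        sink = buf[index];              /* index == alloc_size: 1-byte over-read */
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(base, map_len);
    return faulted;
}
```

With the system allocator the same one-byte over-read would usually go unnoticed, which is why the report's program only crashes once libgmalloc is inserted via DYLD_INSERT_LIBRARIES.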

Comments

This bug report was also posted to cocoa-dev. The reply from Apple reads:

I was able to reproduce this on 10.5.6 (9G55) - the backtrace shows the crash happening deep in LaunchServices; this is a known bug which has been fixed.

By tim.murison at March 3, 2009, 2:53 p.m.
