Fix heap corruption from wmode out-of-bound writes on windows (#6272)

* would throw error on VS2022 on GGML_FREE(wmode) * wchar_t is usually 2 bytes, but malloc wants bytes * therefore `*wmode_p++ = (wchar_t)*mode;` could write off the end of the allocation * Fixes error possibly introduced by https://github.com/ggerganov/llama.cpp/pull/6248
author: Rick G <26732651+TheFlipbook@users.noreply.github.com> 2024-03-24 14:45:56 -0700
committer: GitHub <noreply@github.com> 2024-03-24 22:45:56 +0100
commit: a32b77c4b2c1808654d0b952f26c37d73d2e746b (patch)
tree: f146e7bd8007a0761ca64236858d950b6c5b747b
parent: a0e584defd8c16e7a51ab895f595df0448d710d0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ggml.c b/ggml.c
index 18f10a3d..203a9e54 100644
--- a/ggml.c
+++ b/ggml.c
@@ -465,7 +465,7 @@ FILE * ggml_fopen(const char * fname, const char * mode) {
     wchar_t * wfname = ggml_mbstowcs(fname);
     if (wfname) {
         // convert mode (ANSI)
-        wchar_t * wmode = GGML_MALLOC(strlen(mode) + 1);
+        wchar_t * wmode = GGML_MALLOC((strlen(mode) + 1) * sizeof(wchar_t));
         wchar_t * wmode_p = wmode;
         do {
             *wmode_p++ = (wchar_t)*mode;
author	Rick G <26732651+TheFlipbook@users.noreply.github.com>	2024-03-24 14:45:56 -0700
committer	GitHub <noreply@github.com>	2024-03-24 22:45:56 +0100
commit	a32b77c4b2c1808654d0b952f26c37d73d2e746b (patch)
tree	f146e7bd8007a0761ca64236858d950b6c5b747b
parent	a0e584defd8c16e7a51ab895f595df0448d710d0 (diff)