[Bug libc/3776] New: readdir() does not always return memory of sizeof(struct dirent)


[Bug libc/3776] New: readdir() does not always return memory of sizeof(struct dirent)

fweimer at redhat dot com
The readdir() man page states that readdir() returns a pointer to a struct
dirent, and shows the fields of the dirent structure which include d_name[256].
 It appears, however, that readdir() actually returns a pointer to within the
dirp buffer, and if towards the end of the dirp buffer, the pointer returned by
readdir() may not be accessible through the full sizeof(struct dirent).  This
disallows structure assignments or memcpy of the entire structure as they cause
segmentation violations.

The easiest solution to this problem is probably to change the man page to
indicate that, although the structure has a d_name[256] field, it should be
treated, as with POSIX, as only long enough to hold the file name and its
terminating null character.  Accesses beyond that null byte may cause (and have
been seen in the wild to actually cause) a segmentation violation.

--
           Summary: readdir() does not always return memory of sizeof(struct
                    dirent)
           Product: glibc
           Version: 2.3.2
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: derrell dot lipman at unwireduniverse dot com
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=3776

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
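The over-read described above, and the defensive copy that avoids it, as an added example; this is not code from the bug report or from glibc. It assumes the usual glibc layout in which d_name is the last member of struct dirent, and the scratch directory and file names (alpha.txt, beta.txt under /tmp) are constructed for the demonstration.

```c
/* Added example: copy readdir() results by their actual length rather
 * than by sizeof(struct dirent). Not part of the bug report or glibc. */
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bytes of an entry that readdir() actually makes readable: the fixed
   fields plus the name really present, including its terminating NUL.
   Assumes d_name is the last member, as in glibc's struct dirent. */
static size_t dirent_used_size(const struct dirent *d)
{
    return offsetof(struct dirent, d_name) + strlen(d->d_name) + 1;
}

/* Duplicate an entry into caller-owned memory. The tempting
   `struct dirent copy = *d;` or memcpy(&copy, d, sizeof *d) reads a full
   256-byte d_name out of the DIR's internal buffer, which is the fault
   the report describes; this copies only dirent_used_size() bytes. */
static struct dirent *dirent_dup(const struct dirent *d)
{
    size_t used = dirent_used_size(d);
    /* Allocate at least a whole struct so the copy is safe to hand to
       code that does expect a complete struct dirent. */
    size_t alloc = used > sizeof(struct dirent) ? used : sizeof(struct dirent);
    struct dirent *copy = calloc(1, alloc);
    if (copy == NULL)
        return NULL;
    memcpy(copy, d, used);
    return copy;
}

/* Release an array produced by list_dir(). */
static void free_entries(struct dirent **ents)
{
    if (ents == NULL)
        return;
    for (size_t i = 0; ents[i] != NULL; i++)
        free(ents[i]);
    free(ents);
}

/* Read a directory into a NULL-terminated array of duplicated entries.
   Returns NULL on error; *count receives the number of entries. */
static struct dirent **list_dir(const char *path, size_t *count)
{
    DIR *dir = opendir(path);
    if (dir == NULL)
        return NULL;
    size_t n = 0, cap = 8;
    struct dirent **out = malloc(cap * sizeof *out);
    if (out == NULL) {
        closedir(dir);
        return NULL;
    }
    struct dirent *d;
    errno = 0;                 /* distinguish end-of-stream from error */
    while ((d = readdir(dir)) != NULL) {
        if (n + 1 >= cap) {
            struct dirent **grown = realloc(out, cap * 2 * sizeof *out);
            if (grown == NULL)
                goto fail;
            out = grown;
            cap *= 2;
        }
        if ((out[n] = dirent_dup(d)) == NULL)
            goto fail;
        n++;
    }
    if (errno != 0)
        goto fail;
    closedir(dir);
    out[n] = NULL;
    if (count != NULL)
        *count = n;
    return out;
fail:
    out[n] = NULL;
    free_entries(out);
    closedir(dir);
    return NULL;
}

/* 1 if an entry named `name` is in the list, else 0. */
static int has_name(struct dirent **ents, const char *name)
{
    for (size_t i = 0; ents[i] != NULL; i++)
        if (strcmp(ents[i]->d_name, name) == 0)
            return 1;
    return 0;
}

/* Create a scratch directory with two constructed files; tmpl must be a
   writable mkdtemp(3) template and is filled in. Returns 0 or -1. */
static int make_sample_dir(char *tmpl)
{
    static const char *const names[] = { "alpha.txt", "beta.txt" };
    if (mkdtemp(tmpl) == NULL)
        return -1;
    for (size_t i = 0; i < 2; i++) {
        char path[4096];
        snprintf(path, sizeof path, "%s/%s", tmpl, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0)
            return -1;
        close(fd);
    }
    return 0;
}

int main(void)
{
    char tmpl[] = "/tmp/direntXXXXXX";   /* constructed scratch location */
    if (make_sample_dir(tmpl) != 0) {
        perror("make_sample_dir");
        return 1;
    }
    size_t n = 0;
    struct dirent **ents = list_dir(tmpl, &n);
    if (ents == NULL) {
        perror("list_dir");
        return 1;
    }
    for (size_t i = 0; ents[i] != NULL; i++)
        printf("%-12s uses %zu of sizeof(struct dirent) = %zu bytes\n",
               ents[i]->d_name, dirent_used_size(ents[i]),
               sizeof(struct dirent));
    free_entries(ents);
    return 0;
}
```

The printed sizes make the report's point concrete: a short name such as alpha.txt occupies far fewer bytes than sizeof(struct dirent), and only that used prefix is guaranteed to lie inside the buffer readdir() returned. Code that needs a complete struct dirent should build it from the copy, as dirent_dup() does, rather than assume the original pointer covers one.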

[Bug libc/3776] readdir() does not always return memory of sizeof(struct dirent)

fweimer at redhat dot com

------- Additional Comments From drepper at redhat dot com  2006-12-21 06:32 -------
The man pages are not part of glibc and the info pages never say anywhere that
the object pointed to by the return value is at least as large as struct dirent.
 The code is fine, glibc's documentation is fine.

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=3776
