This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] glob: Avoid copying the d_name field of struct dirent [BZ #19779]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Roland McGrath <roland at hack dot frob dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 4 May 2016 12:10:35 +0200
- Subject: Re: [PATCH] glob: Avoid copying the d_name field of struct dirent [BZ #19779]
- Authentication-results: sourceware.org; auth=none
- References: <56E339A7 dot 7060704 at redhat dot com> <20160311222757 dot DB90C2C3C24 at topped-with-meat dot com> <56FBBA94 dot 1040605 at redhat dot com> <20160330232737 dot 2A3F32C3C35 at topped-with-meat dot com> <56FD5B69 dot 1010002 at redhat dot com> <20160401215549 dot E32FC2C3BCD at topped-with-meat dot com> <57233290 dot 8090900 at redhat dot com> <20160502224824 dot 2E3F62C3B69 at topped-with-meat dot com> <5728DD49 dot 8020608 at redhat dot com> <20160503214619 dot BF4A72C3BBB at topped-with-meat dot com>
On 05/03/2016 11:46 PM, Roland McGrath wrote:
+ struct readdir_result result = {NULL};
Put spaces around NULL, or just use {} (which has the same semantics).
I have to use NULL because empty initializers are not part of C89. So I
added the spaces.
OK. FWIW, I usually use a trailing comma i.e. "{ NULL, }" as implicit
documentation that it's zero-initializing members I didn't list explicitly.
I pushed the patch with this change. I added this NEWS entry:
* The glob function suffered from a stack-based buffer overflow when it was
called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
Reported by Alexander Cherepanov. (CVE-2016-1234)
Thanks for your patience.
Florian