This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
Re: seekdir dereferences null
Howland Craig D (Craig) wrote:
The same bug of not checking for dirp being NULL also seems to be in
telldir (in the same file, of course). (_cleanupdir does not check,
either, but a cursory examination says that it probably does not
matter, as it would not be dereferenced.)
Thanks for the feedback. You spotting another one made
me nervous so I went through *dir.c in posix and found a
few more cases. Attached is a new patch.
2008-12-04 Joel Sherrill <joel.sherrill@oarcorp.com>
* libc/posix/closedir.c, libc/posix/readdir.c,
libc/posix/scandir.c, libc/posix/telldir.c: Check for NULL pointers.
Craig Howland
-----Original Message-----
From: newlib-owner@sourceware.org [mailto:newlib-owner@sourceware.org]
On Behalf Of Joel Sherrill
Sent: Wednesday, December 03, 2008 3:47 PM
To: newlib@sources.redhat.com
Subject: Re: seekdir dereferences null
Patch attached this time. :)
Joel Sherrill wrote:
Hi,
Another bug picked up by the RTEMS test suite.
seekdir(NULL, 0) core dumps.
2008-12-03 Joel Sherrill <joel.sherrill@oarcorp.com>
* libc/posix/telldir.c (_seekdir): Do not dereference NULL dirp.
--
Joel Sherrill, Ph.D. Director of Research & Development
joel.sherrill@OARcorp.com On-Line Applications Research
Ask me about RTEMS: a free RTOS Huntsville AL 35805
Support Available (256) 722-9985
Index: libc/posix/closedir.c
===================================================================
RCS file: /cvs/src/src/newlib/libc/posix/closedir.c,v
retrieving revision 1.3
diff -u -r1.3 closedir.c
--- libc/posix/closedir.c 6 Jun 2003 19:57:51 -0000 1.3
+++ libc/posix/closedir.c 4 Dec 2008 14:59:14 -0000
@@ -54,6 +54,11 @@
{
int fd, rc;
+ if (!dirp) {
+ errno = EBADF;
+ return -1;
+ }
+
#ifdef HAVE_DD_LOCK
__lock_acquire_recursive(dirp->dd_lock);
#endif
Index: libc/posix/readdir.c
===================================================================
RCS file: /cvs/src/src/newlib/libc/posix/readdir.c,v
retrieving revision 1.3
diff -u -r1.3 readdir.c
--- libc/posix/readdir.c 6 Jun 2003 19:57:51 -0000 1.3
+++ libc/posix/readdir.c 4 Dec 2008 14:59:14 -0000
@@ -54,6 +54,9 @@
__lock_acquire_recursive(dirp->dd_lock);
#endif
+ if (!dirp)
+ return NULL;
+
if (dirp->dd_fd == -1)
return NULL;
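Review bot: In readdir.c the new `if (!dirp)` check is placed after the `__lock_acquire_recursive(dirp->dd_lock);` call visible in the context lines, so when HAVE_DD_LOCK is defined a NULL dirp is still dereferenced before the check runs. Move the check above the `#ifdef HAVE_DD_LOCK` block, as the closedir.c hunk does. It would also be worth setting errno (closedir.c uses EBADF) so callers can tell this failure from end-of-directory, which also returns NULL.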
Index: libc/posix/scandir.c
===================================================================
RCS file: /cvs/src/src/newlib/libc/posix/scandir.c,v
retrieving revision 1.7
diff -u -r1.7 scandir.c
--- libc/posix/scandir.c 24 Nov 2008 20:42:33 -0000 1.7
+++ libc/posix/scandir.c 4 Dec 2008 14:59:14 -0000
@@ -81,6 +81,11 @@
int successful = 0;
int rc = 0;
+ if (!namelist) {
+ errno = EINVAL;
+ return -1;
+ }
+
dirp = NULL;
names = NULL;
Index: libc/posix/telldir.c
===================================================================
RCS file: /cvs/src/src/newlib/libc/posix/telldir.c,v
retrieving revision 1.6
diff -u -r1.6 telldir.c
--- libc/posix/telldir.c 27 Nov 2008 21:01:40 -0000 1.6
+++ libc/posix/telldir.c 4 Dec 2008 14:59:14 -0000
@@ -84,6 +84,9 @@
register int index;
register struct ddloc *lp;
+ if ( !dirp )
+ return;
+
if ((lp = (struct ddloc *)malloc(sizeof(struct ddloc))) == NULL)
return (-1);
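Review bot: The added `return;` at the top of this telldir.c hunk carries no value, yet the next context line returns `(-1)` from the same function, so a NULL dirp hands the caller an indeterminate result. Change it to `return -1;` and consider setting errno, as the closedir.c hunk does with EBADF. The `if ( !dirp )` spacing also differs from the `if (!dirp)` form used in the closedir.c and readdir.c hunks.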
@@ -121,6 +124,9 @@
struct dirent *dp;
extern long lseek();
+ if ( !dirp )
+ return;
+
#ifdef HAVE_DD_LOCK
__lock_acquire(dd_hash_lock);
#endif