View | Details | Raw Unified | Return to bug 52
Collapse All | Expand All

(-)getdents.c.orig (-4 / +7 lines)
Lines 117-123 Link Here
117
      size_t kbytes = nbytes;
117
      size_t kbytes = nbytes;
118
      if (offsetof (DIRENT_TYPE, d_name)
118
      if (offsetof (DIRENT_TYPE, d_name)
119
	  < offsetof (struct kernel_dirent64, d_name)
119
	  < offsetof (struct kernel_dirent64, d_name)
120
	  && nbytes <= sizeof (DIRENT_TYPE))
120
	  && nbytes <= sizeof (kernel_dirent64))
121
	{
121
	{
122
	  kbytes = nbytes + offsetof (struct kernel_dirent64, d_name)
122
	  kbytes = nbytes + offsetof (struct kernel_dirent64, d_name)
123
		   - offsetof (DIRENT_TYPE, d_name);
123
		   - offsetof (DIRENT_TYPE, d_name);
Lines 175-182 Link Here
175
	      outp->u.d_off = d_off;
175
	      outp->u.d_off = d_off;
176
	      if ((sizeof (outp->u.d_ino) != sizeof (inp->k.d_ino)
176
	      if ((sizeof (outp->u.d_ino) != sizeof (inp->k.d_ino)
177
		   && outp->u.d_ino != d_ino)
177
		   && outp->u.d_ino != d_ino)
178
		  || (sizeof (outp->u.d_off) != sizeof (inp->k.d_off)
178
		  )
179
		      && outp->u.d_off != d_off))
180
		{
179
		{
181
		  /* Overflow.  If there was at least one entry
180
		  /* Overflow.  If there was at least one entry
182
		     before this one, return them without error,
181
		     before this one, return them without error,
Lines 190-196 Link Here
190
		  return -1;
189
		  return -1;
191
		}
190
		}
192
191
193
	      last_offset = d_off;
192
	      if( last_offset == -1 )
193
		last_offset = 0;
194
	      last_offset += old_reclen;
195
194
	      outp->u.d_reclen = new_reclen;
196
	      outp->u.d_reclen = new_reclen;
195
	      outp->u.d_type = d_type;
197
	      outp->u.d_type = d_type;
196
198
Lines 213-218 Link Here
213
    const size_t size_diff = (offsetof (DIRENT_TYPE, d_name)
215
    const size_t size_diff = (offsetof (DIRENT_TYPE, d_name)
214
			      - offsetof (struct kernel_dirent, d_name));
216
			      - offsetof (struct kernel_dirent, d_name));
215
217
218
    /* bug? (nbytes might be smaller than right side of minus) */
216
    red_nbytes = MIN (nbytes
219
    red_nbytes = MIN (nbytes
217
		      - ((nbytes / (offsetof (DIRENT_TYPE, d_name) + 14))
220
		      - ((nbytes / (offsetof (DIRENT_TYPE, d_name) + 14))
218
			 * size_diff),
221
			 * size_diff),

Return to bug 52