This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/3776] New: readdir() does not always return memory of sizeof(struct dirent)
- From: "derrell dot lipman at unwireduniverse dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 21 Dec 2006 03:15:48 -0000
- Subject: [Bug libc/3776] New: readdir() does not always return memory of sizeof(struct dirent)
- Reply-to: sourceware-bugzilla at sourceware dot org
The readdir() man page states that readdir() returns a pointer to a struct
dirent, and shows the fields of the dirent structure which include d_name[256].
It appears, however, that readdir() actually returns a pointer to within the
dirp buffer, and if towards the end of the dirp buffer, the pointer returned by
readdir() may not be accessible through the full sizeof(struct dirent). This
disallows structure assignments or memcpy of the entire structure as they cause
segmentation violations.
The easiest solution to this problem is probably to change the man page to
indicate that, although the structure has a d_name[256] field, it should be
treated, as with POSIX, as only long enough to hold the file name and its
terminating null character. Accesses beyond that null byte may cause (and have
been seen in the wild to actually cause) a segmentation violation.
--
Summary: readdir() does not always return memory of sizeof(struct dirent)
Product: glibc
Version: 2.3.2
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: derrell dot lipman at unwireduniverse dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=3776
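An added example, not part of the original report or of glibc: one way to copy a readdir() result while reading only the fixed fields plus the name and its terminating null byte, as the report recommends. The helper names dirent_used_size, dirent_dup and dir_count_name are hypothetical.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes of *e that are safe to read: the fixed fields plus the name and its
 * terminating NUL. This can be far smaller than sizeof(struct dirent). */
size_t dirent_used_size(const struct dirent *e)
{
    return offsetof(struct dirent, d_name) + strlen(e->d_name) + 1;
}

/* Heap copy of one entry (hypothetical helper). The allocation is at least
 * sizeof(struct dirent), so the copy can later be assigned as a whole struct. */
struct dirent *dirent_dup(const struct dirent *e)
{
    size_t used = dirent_used_size(e);
    size_t cap = used > sizeof(struct dirent) ? used : sizeof(struct dirent);
    struct dirent *copy = calloc(1, cap);

    if (copy != NULL)
        memcpy(copy, e, used);   /* not memcpy(copy, e, sizeof *e) */
    return copy;
}

/* Count entries in path whose copied name equals name; -1 if path can't be opened. */
int dir_count_name(const char *path, const char *name)
{
    DIR *d = opendir(path);
    struct dirent *e;
    int hits = 0;

    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        struct dirent *copy = dirent_dup(e);  /* instead of: struct dirent tmp = *e; */
        if (copy != NULL && strcmp(copy->d_name, name) == 0)
            hits++;
        free(copy);
    }
    closedir(d);
    return hits;
}

int main(void)
{
    printf("\"..\" entries in \".\": %d\n", dir_count_name(".", ".."));
    return 0;
}
```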