This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/3776] New: readdir() does not always return memory of sizeof(struct dirent)

The readdir() man page states that readdir() returns a pointer to a struct
dirent, and shows the fields of the dirent structure which include d_name[256].
 It appears, however, that readdir() actually returns a pointer to within the
dirp buffer, and if towards the end of the dirp buffer, the pointer returned by
readdir() may not be accessible through the full sizeof(struct dirent).  This
disallows structure assignments or memcpy of the entire structure as they cause
segmentation violations.

The easiest solution to this problem is probably to change the man page to
indicate that, although the structure has a d_name[256] field, it should be
treated, as with POSIX, as only long enough to hold the file name and its
terminating null character.  Accesses beyond that null byte may cause (and have
been seen in the wild to actually cause) a segmentation violation.

           Summary: readdir() does not always return memory of sizeof(struct
           Product: glibc
           Version: 2.3.2
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: derrell dot lipman at unwireduniverse dot com
                CC: glibc-bugs at sources dot redhat dot com

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]