public inbox for glibc-bugs@sourceware.org
* [Bug libc/3776] New: readdir() does not always return memory of sizeof(struct dirent)
From: derrell dot lipman at unwireduniverse dot com @ 2006-12-21  3:15 UTC
  To: glibc-bugs

The readdir() man page states that readdir() returns a pointer to a struct
dirent, and shows the fields of the dirent structure which include d_name[256].
It appears, however, that readdir() actually returns a pointer to within the
dirp buffer, and if towards the end of the dirp buffer, the pointer returned by
readdir() may not be accessible through the full sizeof(struct dirent).  This
disallows structure assignments or memcpy of the entire structure as they cause
segmentation violations.

The easiest solution to this problem is probably to change the man page to
indicate that, although the structure has a d_name[256] field, it should be
treated, as with POSIX, as only long enough to hold the file name and its
terminating null character.  Accesses beyond that null byte may cause (and have
been seen in the wild to actually cause) a segmentation violation.

-- 
           Summary: readdir() does not always return memory of sizeof(struct
                    dirent)
           Product: glibc
           Version: 2.3.2
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: derrell dot lipman at unwireduniverse dot com
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=3776

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
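
Added example, not part of the original thread and not glibc code: a C sketch of the safe way to keep a readdir() result, copying only the header plus the name and its terminating null instead of sizeof(struct dirent). The names dirent_dup and copy_survives_guard_page are hypothetical, and the guard-page buffer is constructed test input standing in for an entry at the end of the dirp buffer.

```c
#define _GNU_SOURCE 1 /* for MAP_ANONYMOUS */
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: heap copy of a readdir() entry that reads only the
 * fixed header, the name and its terminating null from the source. */
struct dirent *dirent_dup(const struct dirent *src)
{
    size_t used = offsetof(struct dirent, d_name) + strlen(src->d_name) + 1;
    size_t size = used > sizeof(struct dirent) ? used : sizeof(struct dirent);
    struct dirent *copy = calloc(1, size); /* full-size, zero-padded copy */
    if (copy != NULL)
        memcpy(copy, src, used);
    return copy;
}

/* Constructed input: a short record that ends right before a PROT_NONE page.
 * Returns 1 if the bounded copy works, -1 if the setup is not possible. */
int copy_survives_guard_page(const char *name)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t align = _Alignof(struct dirent);
    size_t used = offsetof(struct dirent, d_name) + strlen(name) + 1;
    size_t reclen = (used + align - 1) / align * align; /* aligned record */
    if (reclen >= sizeof(struct dirent))
        return -1; /* record must be shorter than the declared struct */
    unsigned char *map = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return -1;
    mprotect(map + page, page, PROT_NONE); /* second page is the guard */
    struct dirent *ent = (struct dirent *)(map + page - reclen);
    memcpy(ent->d_name, name, strlen(name) + 1);
    /* "struct dirent tmp = *ent;" would read into the guard page and fault. */
    struct dirent *copy = dirent_dup(ent);
    int ok = copy != NULL && strcmp(copy->d_name, name) == 0;
    free(copy);
    munmap(map, 2 * page);
    return ok;
}

int main(void)
{
    printf("bounded copy ok: %d\n", copy_survives_guard_page("notes.txt"));
    return 0;
}
```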



* [Bug libc/3776] readdir() does not always return memory of sizeof(struct dirent)
From: drepper at redhat dot com @ 2006-12-21  6:32 UTC
  To: glibc-bugs


------- Additional Comments From drepper at redhat dot com  2006-12-21 06:32 -------
The man pages are not part of glibc and the info pages never say anywhere that
the object pointed to by the return value is at least as large as struct dirent.
The code is fine, glibc's documentation is fine.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

