public inbox for glibc-bugs@sourceware.org
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: fweimer at redhat dot com @ 2014-06-30 18:44 UTC
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=11333
Florian Weimer <fweimer at redhat dot com> changed:
            What    |Removed                     |Added
----------------------------------------------------------------------------
                  CC|                            |fweimer at redhat dot com
            See Also|                            |https://sourceware.org/bugzilla/show_bug.cgi?id=14699
               Flags|                            |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: kees at outflux dot net @ 2010-05-26 23:07 UTC
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-05-26 23:07 -------
Yes, this bug seems to have always existed. I checked back through ancient
Linux kernel history, and it's always padded the dirent up to get the 64bit
alignment.
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: funtoos at yahoo dot com @ 2010-05-26 21:56 UTC
To: glibc-bugs
------- Additional Comments From funtoos at yahoo dot com 2010-05-26 21:56 -------
Does this apply to earlier glibc versions as well?
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: kees at outflux dot net @ 2010-04-04 17:55 UTC
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-04-04 17:55 -------
Thanks!
http://repo.or.cz/w/glibc.git/commitdiff/1a81139728494810f65aaa0d0c538ff8c2783dd5
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: drepper at redhat dot com @ 2010-04-04 6:55 UTC
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2010-04-04 06:54 -------
You cannot change the data structure definition, that's an ABI change.
I've added code handling the memcpy.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: kees at outflux dot net @ 2010-02-27 7:17 UTC
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-02-27 07:16 -------
Looks like the kernel unconditionally aligns/pads to 8 bytes in the 64bit
interface. fs/readdir.c, filldir64() says:

    int reclen = ALIGN(NAME_OFFSET(dirent) + namlen + 1, sizeof(u64));

which means it looks like alignment needs to be forced in glibc too. I don't
think __attribute__ ((aligned (sizeof (__off64_t)))) is acceptable for
bits/dirent.h as that's a gcc extension. Thoughts?
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: kees at outflux dot net @ 2010-02-27 6:38 UTC
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-02-27 06:38 -------
Created an attachment (id=4638)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=4638&action=view)
test.c
This reports the reclen coming from the dirp->data. sysdeps/unix/readdir_r.c:

    bytes = __GETDENTS (dirp->fd, dirp->data, maxread);
    ...
    dp = (DIRENT_TYPE *) &dirp->data[dirp->offset];
    ...
    reclen = dp->d_reclen;
    ...
    *result = memcpy (entry, dp, reclen);

It seems that the memcpy is what overflows. I wonder if an
"assert(sizeof(*entry) >= reclen)" should be added in here for fun, too.
--
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4637 is|0 |1
obsolete| |
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: kees at outflux dot net @ 2010-02-27 6:16 UTC
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-02-27 06:16 -------
Created an attachment (id=4637)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=4637&action=view)
test.c
* [Bug libc/11333] size of struct dirent does not agree with kernel when using LFS on 32bit
From: kees at outflux dot net @ 2010-02-27 6:16 UTC
To: glibc-bugs
------- Additional Comments From kees at outflux dot net 2010-02-27 06:16 -------
Created an attachment (id=4636)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=4636&action=view)
Makefile
Line-wrapping did nasty things to the 255-character filename in the original
bug description. Here is a Makefile and test.c that demonstrates the issue.

What's really odd is that the 4 byte difference appears to be strictly padding?
All the offsets and sizes are the same between 64bit and 32bit:

    ./test-native bug-dir
    sizeof(struct dirent): 280
    sizeof(dirent.d_ino@0): 8
    sizeof(dirent.d_off@8): 8
    sizeof(dirent.d_reclen@16): 2
    sizeof(dirent.d_type@18): 1
    sizeof(dirent.d_name@19): 256

    ./test-m32 bug-dir
    sizeof(struct dirent): 276
    sizeof(dirent.d_ino@0): 8
    sizeof(dirent.d_off@8): 8
    sizeof(dirent.d_reclen@16): 2
    sizeof(dirent.d_type@18): 1
    sizeof(dirent.d_name@19): 256
    *** stack smashing detected ***: ./test-m32 terminated
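The arithmetic behind the overflow discussed in this thread, as an added example that is not code from glibc, the kernel or any poster: it applies the rounding quoted from filldir64() to the field layout printed by the test program and compares the result with the 276-byte 32-bit struct dirent that readdir_r copies into. The function names are made up for this example, and copy_record is a hypothetical bounded copy for illustration, not the fix that was committed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_OFFSET 19u   /* offset of d_name, from the thread's test output */
#define DIRENT_M32  276u  /* sizeof(struct dirent) printed by ./test-m32 */

/* Same rounding as ALIGN(NAME_OFFSET(dirent) + namlen + 1, sizeof(u64)). */
size_t kernel_reclen(size_t namlen)
{
    return (NAME_OFFSET + namlen + 1 + 7) & ~(size_t)7;
}

/* Bytes an unchecked memcpy(entry, dp, reclen) writes past the entry. */
size_t overflow_bytes(size_t namlen, size_t entry_size)
{
    size_t reclen = kernel_reclen(namlen);
    return reclen > entry_size ? reclen - entry_size : 0;
}

/* Shortest name length (0..255) that overflows; 256 if none does. */
size_t first_overflowing_namlen(size_t entry_size)
{
    size_t n = 0;
    while (n <= 255 && overflow_bytes(n, entry_size) == 0)
        n++;
    return n;
}

/* Hypothetical bounded copy of header + name + NUL; 0 if malformed/too big. */
size_t copy_record(unsigned char *entry, size_t entry_size,
                   const unsigned char *rec, size_t reclen)
{
    const unsigned char *nul;
    if (reclen <= NAME_OFFSET)
        return 0;
    nul = memchr(rec + NAME_OFFSET, 0, reclen - NAME_OFFSET);
    if (nul == NULL || (size_t)(nul - rec) + 1 > entry_size)
        return 0;
    memcpy(entry, rec, (size_t)(nul - rec) + 1);  /* padding is not copied */
    return (size_t)(nul - rec) + 1;
}

int main(void)
{
    printf("namlen 255: reclen %zu, overflows a %u-byte entry by %zu\n",
           kernel_reclen(255), DIRENT_M32, overflow_bytes(255, DIRENT_M32));
    return 0;
}
```

With these numbers only names of 253 to 255 bytes produce a record larger than the 32-bit structure, which matches the 4-byte difference and the 255-character filename in the report.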