From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 2181) id 980CD385457B; Wed, 23 Nov 2022 10:20:21 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 980CD385457B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1669198821; bh=O+J5GBD+p/bgRauVtD/k5vXm+YlUF9RTYErVaQo5Q3w=; h=From:To:Subject:Date:From; b=QsDghlLVh/BgOdg9R062Z/7ZEnBVL3zuel64EEw/hTwHOhrULMg4FTGl7K/u4Ao2M TSJ3FgqGaVrWxV4y58p3XVRcV3Hp4MIJwfqm7yTwfsROVB4FRi2rdIfcu2a8UWH8rG sseo+/ZFKPNqESjdPSYdWLWSF4eiBUHaBXW+TIeo=
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: Jonathan Wakely
To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org
Subject: [gcc r13-4262] libstdc++: Fix unsafe use of dirent::d_name [PR107814]
X-Act-Checkin: gcc
X-Git-Author: Jonathan Wakely
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 2650b6f9147c0d855c2763610b8a4bff18f5b5e0
X-Git-Newrev: 1cac00d013856fea4cee0f13c4959c8e21afd2d9
Message-Id: <20221123102021.980CD385457B@sourceware.org>
Date: Wed, 23 Nov 2022 10:20:21 +0000 (GMT)
List-Id:
https://gcc.gnu.org/g:1cac00d013856fea4cee0f13c4959c8e21afd2d9
commit r13-4262-g1cac00d013856fea4cee0f13c4959c8e21afd2d9
Author: Jonathan Wakely
Date: Tue Nov 22 19:15:53 2022 +0000
libstdc++: Fix unsafe use of dirent::d_name [PR107814]
Copy the fix for PR 104731 to the equivalent experimental::filesystem test.
libstdc++-v3/ChangeLog:
PR libstdc++/107814
* testsuite/experimental/filesystem/iterators/error_reporting.cc: Use a static buffer with space after it.
Diff:
---
.../filesystem/iterators/error_reporting.cc | 35 ++++++++++++++--------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
index f005b7d5293..aabed14679c 100644
--- a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
+++ b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
@@ -29,35 +29,44 @@
 int choice;
-struct dirent global_dirent;
-
 extern "C" struct dirent* readdir(DIR*)
 {
+ // On some targets dirent::d_name is very small, but the OS allocates
+ // a trailing char array after the dirent struct. Emulate that here.
+ union State
+ {
+ struct dirent d;
+ char buf[sizeof(struct dirent) + 16] = {};
+ };
+
+ static State state;
+ char* d_name = state.buf + offsetof(struct dirent, d_name);
+
 switch (choice)
 {
 case 1:
- global_dirent.d_ino = 999;
+ state.d.d_ino = 999;
 #if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_REG
- global_dirent.d_type = DT_REG;
+ state.d.d_type = DT_REG;
 #endif
- global_dirent.d_reclen = 0;
- std::char_traits::copy(global_dirent.d_name, "file", 5);
+ state.d.d_reclen = 0;
+ std::char_traits::copy(d_name, "file", 5);
 choice = 0;
- return &global_dirent;
+ return &state.d;
 case 2:
- global_dirent.d_ino = 111;
+ state.d.d_ino = 111;
 #if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_DIR
- global_dirent.d_type = DT_DIR;
+ state.d.d_type = DT_DIR;
 #endif
- global_dirent.d_reclen = 60;
- std::char_traits::copy(global_dirent.d_name, "subdir", 7);
+ state.d.d_reclen = 60;
+ std::char_traits::copy(d_name, "subdir", 7);
 choice = 1;
- return &global_dirent;
+ return &state.d;
 default:
 errno = EIO;
 return nullptr;
 }
- return &global_dirent;
+ return &state.d;
 }
 void
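Review bot: The 16 bytes of slack in `State::buf` are a bare constant that nothing ties to the strings written through `d_name`, so a later edit that copies a longer name would bring back the out-of-bounds write this commit removes, and it would show up only on targets where `dirent::d_name` is very small. A compile-time check next to the union would pin the assumption, e.g. `static_assert(offsetof(struct dirent, d_name) + sizeof("subdir") <= sizeof(State), "name must fit in the emulated trailing array");`. The hunk does not show the include list, so it is worth confirming that `<cstddef>` is included for `offsetof`. The trailing `return &state.d;` after the switch looks unreachable because every case returns, which predates this change.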