From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2181) id D6F983857B8E; Wed, 21 Dec 2022 11:36:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D6F983857B8E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1671622619; bh=jYl6d2zYBlmLzWq7lt0V84rsmK2qGX8rx/rl/TJOF1g=; h=From:To:Subject:Date:From; b=GA94a5bX9V8Y3p1vq0vekpMB/tsDxIJfnHKBwIGSMqBYzq6y7s17DCxYtoSOtPnyA l8+8Drftlv7UAF+6oCNwczuNDGc3d9X2gQOfv6bbeO6/SbO9Qo31H1sE9JrnZPLTEZ wB1DR1yuFmYz3xp7Ajvv4qzRsFAYMh/S49ZMot5A= MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" From: Jonathan Wakely To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org Subject: [gcc r12-9005] libstdc++: Fix unsafe use of dirent::d_name [PR107814] X-Act-Checkin: gcc X-Git-Author: Jonathan Wakely X-Git-Refname: refs/heads/releases/gcc-12 X-Git-Oldrev: 35ad6ec3bb6ea6ef369c2d851b52e156420046a4 X-Git-Newrev: 52daccd82cd71bd065826784ebb6eb04fa9b42af Message-Id: <20221221113659.D6F983857B8E@sourceware.org> Date: Wed, 21 Dec 2022 11:36:59 +0000 (GMT) List-Id: https://gcc.gnu.org/g:52daccd82cd71bd065826784ebb6eb04fa9b42af commit r12-9005-g52daccd82cd71bd065826784ebb6eb04fa9b42af Author: Jonathan Wakely Date: Tue Nov 22 19:15:53 2022 +0000 libstdc++: Fix unsafe use of dirent::d_name [PR107814] Copy the fix for PR 104731 to the equivalent experimental::filesystem test. libstdc++-v3/ChangeLog: PR libstdc++/107814 * testsuite/experimental/filesystem/iterators/error_reporting.cc: Use a static buffer with space after it. (cherry picked from commit 1cac00d013856fea4cee0f13c4959c8e21afd2d9) Diff: --- .../filesystem/iterators/error_reporting.cc | 35 ++++++++++++++-------- 1 file changed, 22 insertions(+), 13 deletions(-) 
diff --git a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
index f005b7d5293..aabed14679c 100644
--- a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
+++ b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
@@ -29,35 +29,44 @@
 
 int choice;
 
-struct dirent global_dirent;
-
 extern "C" struct dirent* readdir(DIR*)
 {
+ // On some targets dirent::d_name is very small, but the OS allocates
+ // a trailing char array after the dirent struct. Emulate that here.
+ union State
+ {
+ struct dirent d;
+ char buf[sizeof(struct dirent) + 16] = {};
+ };
+
+ static State state;
+ char* d_name = state.buf + offsetof(struct dirent, d_name);
+
 switch (choice)
 {
 case 1:
- global_dirent.d_ino = 999;
+ state.d.d_ino = 999;
 #if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_REG
- global_dirent.d_type = DT_REG;
+ state.d.d_type = DT_REG;
 #endif
- global_dirent.d_reclen = 0;
- std::char_traits::copy(global_dirent.d_name, "file", 5);
+ state.d.d_reclen = 0;
+ std::char_traits::copy(d_name, "file", 5);
 choice = 0;
- return &global_dirent;
+ return &state.d;
 case 2:
- global_dirent.d_ino = 111;
+ state.d.d_ino = 111;
 #if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_DIR
- global_dirent.d_type = DT_DIR;
+ state.d.d_type = DT_DIR;
 #endif
- global_dirent.d_reclen = 60;
- std::char_traits::copy(global_dirent.d_name, "subdir", 7);
+ state.d.d_reclen = 60;
+ std::char_traits::copy(d_name, "subdir", 7);
 choice = 1;
- return &global_dirent;
+ return &state.d;
 default:
 errno = EIO;
 return nullptr;
 }
- return &global_dirent;
+ return &state.d;
 }
 
 void
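Review bot: The 16 bytes of slack in `State::buf` and the copy lengths 5 and 7 are hand-counted, and nothing in the new `readdir` ties them together. A later edit that writes a longer name through `d_name` would overrun the static buffer silently, which is the same class of bug this change removes. A compile-time check next to the `d_name` pointer would pin the bound, for example `static_assert(sizeof(State) - offsetof(struct dirent, d_name) >= sizeof("subdir"), "mock dirent too small");`. `offsetof` needs `<cstddef>`; the include list is outside the hunk, so confirm it is included directly rather than transitively.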