From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2181) id 47DC73858425; Thu, 22 Dec 2022 11:45:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 47DC73858425 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1671709537; bh=6CIaJVt2l1G1/x2jHLsmjWCjt+PBZyVBoDU24S1aDN4=; h=From:To:Subject:Date:From; b=V6XI3vcCK56P3EVo5l31k6ZejQF8Y0iIPc23b8rP/4PayADkS0oTa6y6XkZ8OyvsD ZGsezzQhKLtX1t9i+V3hVypArW2K3pB5Yt+iDLHVw5EEav+WSfwwlEUi3KdJxtmInW uMNefGaXIS4FarD1bBQOHE8SO7A1U2EbuEN+NHC8= MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" From: Jonathan Wakely To: gcc-cvs@gcc.gnu.org, libstdc++-cvs@gcc.gnu.org Subject: [gcc r11-10434] libstdc++: Fix unsafe use of dirent::d_name [PR107814] X-Act-Checkin: gcc X-Git-Author: Jonathan Wakely X-Git-Refname: refs/heads/releases/gcc-11 X-Git-Oldrev: c4de50835f731b301bd8161be5318de701f2864a X-Git-Newrev: d176d5b3e734cac0ab1e613c3f1bbe48c0bab81a Message-Id: <20221222114537.47DC73858425@sourceware.org> Date: Thu, 22 Dec 2022 11:45:37 +0000 (GMT) List-Id: https://gcc.gnu.org/g:d176d5b3e734cac0ab1e613c3f1bbe48c0bab81a commit r11-10434-gd176d5b3e734cac0ab1e613c3f1bbe48c0bab81a Author: Jonathan Wakely Date: Tue Nov 22 19:15:53 2022 +0000 libstdc++: Fix unsafe use of dirent::d_name [PR107814] Copy the fix for PR 104731 to the equivalent experimental::filesystem test. libstdc++-v3/ChangeLog: PR libstdc++/107814 * testsuite/experimental/filesystem/iterators/error_reporting.cc: Use a static buffer with space after it. (cherry picked from commit 1cac00d013856fea4cee0f13c4959c8e21afd2d9) Diff: --- .../filesystem/iterators/error_reporting.cc | 35 ++++++++++++++-------- 1 file changed, 22 insertions(+), 13 deletions(-) 
diff --git a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc index f005b7d5293..aabed14679c 100644 --- a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc +++ b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc @@ -29,35 +29,44 @@ int choice; -struct dirent global_dirent; - extern "C" struct dirent* readdir(DIR*) { + // On some targets dirent::d_name is very small, but the OS allocates + // a trailing char array after the dirent struct. Emulate that here. + union State + { + struct dirent d; + char buf[sizeof(struct dirent) + 16] = {}; + }; + + static State state; + char* d_name = state.buf + offsetof(struct dirent, d_name); + switch (choice) { case 1: - global_dirent.d_ino = 999; + state.d.d_ino = 999; #if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_REG - global_dirent.d_type = DT_REG; + state.d.d_type = DT_REG; #endif - global_dirent.d_reclen = 0; - std::char_traits::copy(global_dirent.d_name, "file", 5); + state.d.d_reclen = 0; + std::char_traits::copy(d_name, "file", 5); choice = 0; - return &global_dirent; + return &state.d; case 2: - global_dirent.d_ino = 111; + state.d.d_ino = 111; #if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_DIR - global_dirent.d_type = DT_DIR; + state.d.d_type = DT_DIR; #endif - global_dirent.d_reclen = 60; - std::char_traits::copy(global_dirent.d_name, "subdir", 7); + state.d.d_reclen = 60; + std::char_traits::copy(d_name, "subdir", 7); choice = 1; - return &global_dirent; + return &state.d; default: errno = EIO; return nullptr; } - return &global_dirent; + return &state.d; } void
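Review bot: The 16 bytes of headroom in `State::buf` are never tied to the names written through `d_name`, so a later edit that adds a longer entry name would quietly reintroduce the out-of-bounds write this commit removes. A check next to the declaration would pin the assumption, for example `static_assert(sizeof("subdir") <= sizeof(state.buf) - offsetof(struct dirent, d_name), "name must fit");`. `offsetof` is also new to this function, and the diffstat shows no include change, so it is worth confirming that `<cstddef>` is included directly rather than arriving transitively. The top of the file is outside the hunk, so this cannot be checked from here.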