From: Jonathan Wakely <jwakely@redhat.com>
To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org
Subject: [committed] libstdc++: Fix unsafe use of dirent::d_name [PR107814]
Date: Wed, 23 Nov 2022 10:21:16 +0000 [thread overview]
Message-ID: <20221123102116.2194553-1-jwakely@redhat.com> (raw)
Tested x86_64-linux and sparc-sun-solaris2.11. Pushed to trunk.
I'll backport to the branches too.
-- >8 --
Copy the fix for PR 104731 to the equivalent experimental::filesystem
test.
libstdc++-v3/ChangeLog:
PR libstdc++/107814
* testsuite/experimental/filesystem/iterators/error_reporting.cc:
Use a static buffer with space after it.
---
.../filesystem/iterators/error_reporting.cc | 35 ++++++++++++-------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
index f005b7d5293..aabed14679c 100644
--- a/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
+++ b/libstdc++-v3/testsuite/experimental/filesystem/iterators/error_reporting.cc
@@ -29,35 +29,44 @@
int choice;
-struct dirent global_dirent;
-
extern "C" struct dirent* readdir(DIR*)
{
+ // On some targets dirent::d_name is very small, but the OS allocates
+ // a trailing char array after the dirent struct. Emulate that here.
+ union State
+ {
+ struct dirent d;
+ char buf[sizeof(struct dirent) + 16] = {};
+ };
+
+ static State state;
+ char* d_name = state.buf + offsetof(struct dirent, d_name);
+
switch (choice)
{
case 1:
- global_dirent.d_ino = 999;
+ state.d.d_ino = 999;
#if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_REG
- global_dirent.d_type = DT_REG;
+ state.d.d_type = DT_REG;
#endif
- global_dirent.d_reclen = 0;
- std::char_traits<char>::copy(global_dirent.d_name, "file", 5);
+ state.d.d_reclen = 0;
+ std::char_traits<char>::copy(d_name, "file", 5);
choice = 0;
- return &global_dirent;
+ return &state.d;
case 2:
- global_dirent.d_ino = 111;
+ state.d.d_ino = 111;
#if defined _GLIBCXX_HAVE_STRUCT_DIRENT_D_TYPE && defined DT_DIR
- global_dirent.d_type = DT_DIR;
+ state.d.d_type = DT_DIR;
#endif
- global_dirent.d_reclen = 60;
- std::char_traits<char>::copy(global_dirent.d_name, "subdir", 7);
+ state.d.d_reclen = 60;
+ std::char_traits<char>::copy(d_name, "subdir", 7);
choice = 1;
- return &global_dirent;
+ return &state.d;
default:
errno = EIO;
return nullptr;
}
- return &global_dirent;
+ return &state.d;
}
void
--
2.38.1
reply other threads:[~2022-11-23 10:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221123102116.2194553-1-jwakely@redhat.com \
--to=jwakely@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=libstdc++@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).