This is the mail archive of the java-patches@gcc.gnu.org mailing list for the Java project.



PATCH: fix buffer overrun in natFile.cc



On sparc-solaris, I find File.list() sometimes dumps core, for instance if 
libgcj is compiled with -O0.  In natFile.cc we have

    struct dirent *d, d2;
    while ((d = get_entry (dir, &d2)) != NULL)

and

  static struct dirent *
  get_entry (DIR *dir, struct dirent *e)
  {
    struct dirent *r;
    if (readdir_r (dir, e, &r) || r == NULL)

but the info page for readdir_r says `e' must be at least (sizeof (struct
dirent) + NAME_MAX + 1) bytes.  Oops.

I've tested the patch below on sparc-sun-solaris2.7 and
alphapca56-unknown-linux-gnu.  Since NAME_MAX is not always available, I
settled on pathconf which seems to exist at least on the targets we
support.

OK for mainline?  (I'd say branch too but I don't think this is actually a
regression.)

2001-05-29  Jeff Sturm  <jsturm@one-point.com>

	* natFile.cc (get_entry): Return `r', not `e'.
	(performList): Allocate enough storage for d_name if
	using readdir_r.

===================================================================
RCS file: /cvs/gcc/gcc/libjava/java/io/natFile.cc,v
retrieving revision 1.7.4.3
diff -u -p -r1.7.4.3 natFile.cc
--- natFile.cc	2001/04/30 23:07:43	1.7.4.3
+++ natFile.cc	2001/05/29 22:20:52
@@ -139,7 +139,7 @@ get_entry (DIR *dir, struct dirent *e)
   struct dirent *r;
   if (readdir_r (dir, e, &r) || r == NULL)
     return NULL;
-  return e;
+  return r;
 }
 
 #else /* defined(__JV_POSIX_THREADS__) && defined(HAVE_READDIR_R) */
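Review bot: the ChangeLog line for this hunk ("Return `r', not `e'") does not say why the two differ. A conforming readdir_r sets `r` to `e` on success and to NULL at end of directory, and the NULL case is already handled by the `return NULL;` just above, so on such systems `return e;` and `return r;` yield the same pointer. A short comment in the hunk, or a word in the ChangeLog, stating whether this is a clarity change or a fix for a platform whose readdir_r can set `r` to something other than `e` would save the next reader from hunting for a behavioural difference.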
@@ -168,9 +168,14 @@ java::io::File::performList (java::io::F
   if (! dir)
     return NULL;
 
+
   java::util::ArrayList *list = new java::util::ArrayList ();
-  struct dirent *d, d2;
-  while ((d = get_entry (dir, &d2)) != NULL)
+  struct dirent *d, *dbuf = NULL;
+#if defined(__JV_POSIX_THREADS__) && defined(HAVE_READDIR_R)
+  int name_max = pathconf (buf, _PC_NAME_MAX);
+  dbuf = (struct dirent *) _Jv_Malloc (sizeof (struct dirent) + name_max + 1);
+#endif
+  while ((d = get_entry (dir, dbuf)) != NULL)
     {
       // Omit "." and "..".
       if (d->d_name[0] == '.'
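Review bot: `pathconf (buf, _PC_NAME_MAX)` can return -1, both on error and when the filesystem has no fixed limit (errno left at 0), and the hunk uses the result unchecked, so `name_max + 1` becomes 0 and `_Jv_Malloc (sizeof (struct dirent) + name_max + 1)` reproduces exactly the undersized buffer this patch is meant to fix. Suggest testing for -1 and falling back to a generous constant (NAME_MAX where it is defined, else something like 255 or PATH_MAX), e.g. `if (name_max < 0) name_max = 255;` before the allocation; pathconf also returns `long`, so `long name_max` would avoid the silent narrowing to `int`. Minor: the lone `+` line before the `ArrayList` declaration adds a second blank line there and looks unintentional.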
@@ -195,6 +200,9 @@ java::io::File::performList (java::io::F
     }
 
   closedir (dir);
+#if defined(__JV_POSIX_THREADS__) && defined(HAVE_READDIR_R)
+  _Jv_Free (dbuf);
+#endif
 
   jobjectArray ret = JvNewObjectArray (list->size(), result_type, NULL);
   list->toArray(ret);
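Review bot: `_Jv_Free (dbuf)` is only reached on the fall-through path after the loop, while the buffer is allocated before the loop in the previous hunk and the loop body creates Java objects (the `ArrayList` entries that `list->size()` later counts), so if anything in between throws, for instance an OutOfMemoryError from one of those allocations, or returns early, `dbuf` leaks. Either free it in a cleanup block that also runs on the exception path, or size a stack buffer instead so no explicit free is needed. Freeing after `closedir` is otherwise fine, since `d` is not dereferenced past the loop, but putting the `_Jv_Free` directly beside the `closedir` would keep the two teardown steps together.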

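The sizing rule the mail quotes from the readdir_r documentation, worked through as an added example; this is not code from the patch or from libgcj. It computes the buffer size from pathconf with a fallback for the -1 case, uses it to list a scratch directory through readdir_r, and frees the buffer on every exit path. The scratch directory under /tmp, the three file names, and the 255 fallback constant are constructed for the demo; the pragma is there because glibc marks readdir_r deprecated and the example should still build cleanly.

```c
/* Added example (not from the gcc patch or libgcj): size a readdir_r()
   buffer from pathconf() with a fallback, then use it to count directory
   entries. The scratch directory and file names below are constructed. */
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bytes needed for the `entry' argument of readdir_r() on `dirpath'.
   sizeof(struct dirent) alone is not enough where d_name is declared as a
   one-byte tail (the Solaris case in the mail), so the name limit is added. */
size_t dirent_buf_size(const char *dirpath)
{
    errno = 0;
    long name_max = pathconf(dirpath, _PC_NAME_MAX);
    if (name_max == -1) {
        /* -1 with errno == 0 means "no fixed limit"; otherwise an error.
           Either way fall back to a conservative constant. */
#ifdef NAME_MAX
        name_max = NAME_MAX;
#else
        name_max = 255;   /* assumption: common filesystem name limit */
#endif
    }
    size_t need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    /* Never hand readdir_r() less than a whole struct dirent. */
    return need > sizeof(struct dirent) ? need : sizeof(struct dirent);
}

/* Count the entries in `dirpath', omitting "." and "..". Returns -1 on
   error. The buffer is freed on every exit path, not only after the loop. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations" /* glibc >= 2.24 */
long count_entries(const char *dirpath)
{
    DIR *dir = opendir(dirpath);
    if (!dir)
        return -1;

    struct dirent *buf = malloc(dirent_buf_size(dirpath));
    if (!buf) {
        closedir(dir);
        return -1;
    }

    long n = 0;
    for (;;) {
        struct dirent *r;
        int rc = readdir_r(dir, buf, &r);   /* returns an errno value */
        if (rc != 0) { n = -1; break; }
        if (r == NULL) break;               /* end of directory */
        if (strcmp(r->d_name, ".") == 0 || strcmp(r->d_name, "..") == 0)
            continue;
        n++;
    }
    free(buf);
    closedir(dir);
    return n;
}
#pragma GCC diagnostic pop

/* Demo: create a scratch directory holding three files, count them, and
   remove everything again. Returns the count (expected 3) or -1. */
long count_entries_demo(void)
{
    char dir[64], path[96];
    static const char *names[] = { "a.txt", "b.txt", "c.txt" };
    snprintf(dir, sizeof dir, "/tmp/dirent_demo_%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    for (size_t i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        FILE *f = fopen(path, "w");
        if (!f)
            return -1;
        fclose(f);
    }
    long n = count_entries(dir);
    for (size_t i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return n;
}

int main(void)
{
    printf("buffer for /tmp: %zu bytes, entries counted: %ld\n",
           dirent_buf_size("/tmp"), count_entries_demo());
    return 0;
}
```

On glibc the computed size usually collapses to sizeof(struct dirent), since d_name there is already 256 bytes; the extra term only matters on systems that declare a short d_name, which is exactly where the unpatched libgcj code overran its stack-allocated `d2`.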
