This is the mail archive of the
java-patches@gcc.gnu.org
mailing list for the Java project.
PATCH: fix buffer overrun in natFile.cc
- To: java-patches at gcc dot gnu dot org
- Subject: PATCH: fix buffer overrun in natFile.cc
- From: Jeff Sturm <jsturm at one-point dot com>
- Date: Wed, 30 May 2001 00:28:26 -0400 (EDT)
On sparc-solaris, I find File.list() sometimes dumps core, for instance if
libgcj is compiled with -O0. In natFile.cc we have
  struct dirent *d, d2;
  while ((d = get_entry (dir, &d2)) != NULL)
and
  static struct dirent *
  get_entry (DIR *dir, struct dirent *e)
  {
    struct dirent *r;
    if (readdir_r (dir, e, &r) || r == NULL)
but the info page for readdir_r says `e' must be at least (sizeof (struct
dirent) + NAME_MAX + 1) bytes. Oops.
I've tested the patch below on sparc-sun-solaris2.7 and
alphapca56-unknown-linux-gnu. Since NAME_MAX is not always available, I
settled on pathconf which seems to exist at least on the targets we
support.
OK for mainline? (I'd say branch too but I don't think this is actually a
regression.)
2001-05-29 Jeff Sturm <jsturm@one-point.com>
* natFile.cc (get_entry): Return `r', not `e'.
(performList): Allocate enough storage for d_name if
using readdir_r.
===================================================================
RCS file: /cvs/gcc/gcc/libjava/java/io/natFile.cc,v
retrieving revision 1.7.4.3
diff -u -p -r1.7.4.3 natFile.cc
--- natFile.cc 2001/04/30 23:07:43 1.7.4.3
+++ natFile.cc 2001/05/29 22:20:52
@@ -139,7 +139,7 @@ get_entry (DIR *dir, struct dirent *e)
struct dirent *r;
if (readdir_r (dir, e, &r) || r == NULL)
return NULL;
- return e;
+ return r;
}
#else /* defined(__JV_POSIX_THREADS__) && defined(HAVE_READDIR_R) */
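Review bot: In get_entry, the unchanged test "readdir_r (dir, e, &r) || r == NULL" folds a non-zero error return into the same NULL as end-of-directory, so with this change a read error still ends the listing silently. Consider reporting the error separately, or at least commenting that errors are deliberately treated as end-of-stream. A one-line comment on "return r;" saying that r is the pointer readdir_r reports as valid would also help, since the reason for switching from e is only in the ChangeLog.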
@@ -168,9 +168,14 @@ java::io::File::performList (java::io::F
if (! dir)
return NULL;
+
java::util::ArrayList *list = new java::util::ArrayList ();
- struct dirent *d, d2;
- while ((d = get_entry (dir, &d2)) != NULL)
+ struct dirent *d, *dbuf = NULL;
+#if defined(__JV_POSIX_THREADS__) && defined(HAVE_READDIR_R)
+ int name_max = pathconf (buf, _PC_NAME_MAX);
+ dbuf = (struct dirent *) _Jv_Malloc (sizeof (struct dirent) + name_max + 1);
+#endif
+ while ((d = get_entry (dir, dbuf)) != NULL)
{
// Omit "." and "..".
if (d->d_name[0] == '.'
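Review bot: The pathconf result in performList is used unchecked. pathconf returns -1 both on error and when the limit is indeterminate, and with name_max == -1 the _Jv_Malloc size becomes exactly sizeof (struct dirent), which is the undersized buffer this patch sets out to fix. Check for a negative value and fall back to a fixed bound before allocating. pathconf also returns long, so "int name_max" should be long. The added blank line after "return NULL;" is unrelated whitespace and can be dropped.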
@@ -195,6 +200,9 @@ java::io::File::performList (java::io::F
}
closedir (dir);
+#if defined(__JV_POSIX_THREADS__) && defined(HAVE_READDIR_R)
+ _Jv_Free (dbuf);
+#endif
jobjectArray ret = JvNewObjectArray (list->size(), result_type, NULL);
list->toArray(ret);
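Review bot: The _Jv_Free (dbuf) added after closedir (dir) is reached only when the loop runs to completion. dbuf is manually managed (_Jv_Malloc paired with _Jv_Free), so if anything in the loop body, which this hunk does not show, can throw or return early, the buffer is leaked along with the open dir. Please confirm the loop has no such exit, or release both on that path as well.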
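The sizing rule discussed in the message (an entry buffer of at least sizeof (struct dirent) + NAME_MAX + 1 bytes, with the limit taken from pathconf), written out with the pathconf failure cases handled. This is an added example, not part of the original post or of libgcj; the helper names dirent_size_for and alloc_dirent_buf and the 255-byte fallback are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumption: bound used when pathconf reports no determinate limit. */
#define FALLBACK_NAME_MAX 255L

/* Bytes for a readdir_r entry buffer, using the rule quoted in the message:
   sizeof (struct dirent) + NAME_MAX + 1.  name_max is the raw pathconf
   result; a negative value means "indeterminate" and selects the fallback.
   Returns 0 if the sum would not fit in size_t. */
size_t
dirent_size_for (long name_max)
{
  if (name_max < 0)
    name_max = FALLBACK_NAME_MAX;
  if ((unsigned long) name_max >= SIZE_MAX - sizeof (struct dirent) - 1)
    return 0;
  return sizeof (struct dirent) + (size_t) name_max + 1;
}

/* Allocate a zeroed entry buffer sized for the directory at path.
   Returns NULL if pathconf fails or memory is unavailable. */
struct dirent *
alloc_dirent_buf (const char *path)
{
  errno = 0;
  long name_max = pathconf (path, _PC_NAME_MAX);
  if (name_max == -1 && errno != 0)
    return NULL;                /* real error, e.g. ENOENT */
  /* -1 with errno still 0 means no determinate limit: use the fallback. */
  size_t size = dirent_size_for (name_max);
  return size ? calloc (1, size) : NULL;
}
```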