This is the mail archive of the
libstdc++@gcc.gnu.org
mailing list for the libstdc++ project.
Re: [patch] libstdc++/67747 Allocate space for dirent::d_name
- From: Jonathan Wakely <jwakely at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: libstdc++ at gcc dot gnu dot org, gcc-patches at gcc dot gnu dot org
- Date: Fri, 2 Oct 2015 13:34:28 +0100
- Subject: Re: [patch] libstdc++/67747 Allocate space for dirent::d_name
- Authentication-results: sourceware.org; auth=none
- References: <20150929113726 dot GU12094 at redhat dot com> <560E759E dot 2000005 at redhat dot com>
On 02/10/15 14:16 +0200, Florian Weimer wrote:
On 09/29/2015 01:37 PM, Jonathan Wakely wrote:
POSIX says that dirent::d_name has an unspecified length, so calls to
readdir_r must pass a buffer with enough trailing space for
{NAME_MAX}+1 characters. I wasn't doing that, which works OK on
GNU/Linux and BSD where d_name is a large array, but fails on Solaris
32-bit.
This uses pathconf to get NAME_MAX and allocates a buffer.
This still has a buffer overflow on certain file systems.
You must not use readdir_r, it is deprecated and always insecure. We
should probably mark it as such in the glibc headers.
OK, I'll just use readdir() then. The directory stream is private to
the library type, so the only way to call readdir() concurrently on a
single directory stream is to increment iterators concurrently, which
is undefined anyway.
So that will work as long as readdir() doesn't use a global static
buffer shared between streams, i.e. it meets the POSIX requirement
that "They shall not be affected by a call to readdir() on a different
directory stream." I don't know if mingw meets that, but there is lots
of work needed to make this stuff work in mingw.
Have we already released code which uses readdir_r?
No, it's only on trunk and the gcc-5-branch, not in any release.