On Wed, Oct 30, 2013 at 3:31 PM, Eric Blake <eblake@xxxxxxxxxx> wrote:
On 10/30/2013 04:08 PM, Anand Avati wrote:Thanks for starting that. I see an off-by-one in that patch; pre-patch
> Eric,
> Thanks for the insights. I have posted a patch at
> http://review.gluster.org/6201 which clarifies the usage of
> glfs_readdir_r() and also introduce glfs_readdir().
you did:
but post-patch, you have:
strncpy (dirent->d_name, gf_dirent->d_name, 256);
strncpy (dirent->d_name, gf_dirent->d_name, GF_NAME_MAX);
with GF_NAME_MAX set to either NAME_MAX or 255. This is a bug; you MUST
strncpy at least 1 byte more than the maximum name if you are to
guarantee a NUL-terminated d_name for the user.
The buffer is guaranteed to be 0-inited, and strncpy with 255 is now guaranteed to have a NULL terminated string no matter how big the name was (which wasn't the case before, in case the name was > 255 bytes).
Oh, and NAME_MAX is not guaranteed to be defined as 255; if it is larger
than 255 you are wasting memory compared to XFS, if it is less than 255
[although unlikely], you have made it impossible to return valid file
names to the user. You may be better off just hard-coding GF_NAME_MAX
to 255 regardless of what the system has for its NAME_MAX.
Hmm, I don't think so.. strncpy of 255 bytes on to a buffer guaranteed to be 256 or higher and also guaranteed to be 0-memset'ed cannot return an invalid file name. No?
Avati
