Hello Jan, (Please CC linux-man with notes such as this.) On Tue, Jul 3, 2012 at 3:27 AM, Jan Engelhardt <jengelh@xxxxxxx> wrote: > > In man-pages-3.35's readdir_r(3), this example code is provided: > > """ > Since POSIX.1 does not specify the size of the d_name field, and other > nonstandard fields may precede that field within the dirent structure, > portable applications that use readdir_r() should allocate the buffer > whose address is passed in entry as follows: > > len = offsetof(struct dirent, d_name) + > pathconf(dirpath, _PC_NAME_MAX) + 1 > entryp = malloc(len); > """ > > I have come to regard this as bad(ly implemented) advice. A project > naïvely copied this snippet and then ran into memory corruption. > I propose: > > long ret = pathconf(dirpath, _PC_NAME_MAX); > if (ret < 0) > abort(); > entryp = malloc(offsetof(struct dirent, d_name) + > ret + 1); > > Because it so happened that the particular project (bindfs) used > a non-existing path and got -1 (with errno==ENOENT), thus > allocating way too few space. Yes, the page could be better. I applied a somewhat different patch: [[ --- a/man3/readdir.3 +++ b/man3/readdir.3 @@ -226,8 +226,10 @@ as follows: .in +4n .nf -len = offsetof(struct dirent, d_name) + - pathconf(dirpath, _PC_NAME_MAX) + 1 +name_max = pathconf(dirpath, _PC_NAME_MAX); +if (name_max == \-1) /* Limit not defined, or error */ + name_max = 255; /* Take a guess */ +len = offsetof(struct dirent, d_name) + name_max + 1; entryp = malloc(len); .fi ]] Okay? > NB: pathconf(3) could document some possible errors. That's true. Want to send in a patch? Thanks, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
