On 03/01/2016 09:27 PM, Florian Weimer wrote:
> On 03/01/2016 09:14 PM, Michael Kerrisk (man-pages) wrote:
>
>> What happens with readdir() when it gets a filename that is larger
>> than 255 characters?
>
> Good question. Ugh.
>
> readdir will return a pointer to a struct dirent whose d_name member
> will not be null-terminated, but the memory following the struct dirent
> object will contain the rest of the name, and will eventually be
> null-terminated.

So, in other words, if the caller uses a declaration of the form

struct dirent d;

(rather than say allocating a large buffer dynamically), then we have a
buffer overrun?

Cheers,

Michael

> This will work perfectly fine if you don't copy struct dirent objects
> using memcpy, and the compiler does not optimize things too much. We
> should implement compiler support for this wart: inhibit optimizations
> (I think there are already special cases for length-0 and length-1
> arrays at the end, so it's not totally without precedent), and warn
> about sizeof (struct dirent) and using it as a (non-pointer) declarator.
> The second part is likely generally useful for structs whose size is
> not intended to be part of the ABI.
>
> Florian
>

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/