

I'm getting segfaults in readdir_r reading from an iso9660 file system.  It
looks to me like the memcpy is trying to copy past the end of the buffer.  I
have attached what I think is the proper fix.  One might argue that it would
be better to use dp->d_reclen, but iso9660 apparently returns the wrong
reclen.  Should I commit this?

Also, the man page needs some work.  NAME_MAX should be MAXNAMLEN (or 255
for POSIX) and the readdir_r description should note that it returns 0 on
success (including end of directory) and a non-zero errno on failure.  I can
fix this too if you want.

--- /usr/src/lib/libc/gen/readdir.c	Wed Sep  1 19:19:41 1999
+++ readdir.c	Wed May 16 13:30:46 2001
@@ -98,7 +98,7 @@
 		return errno;
 	if (dp != NULL) 
-		memcpy(entry, dp, sizeof *entry);
+		memcpy(entry, dp, sizeof (struct dirent) - MAXNAMLEN + dp->d_namlen);
 	_FD_UNLOCK(dirp->dd_fd, FD_READ);
 	if (dp != NULL)
 	*result = entry;
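
Review bot: the new memcpy length takes dp->d_namlen on trust, from the same record whose d_reclen the message says iso9660 gets wrong, and nothing in this hunk bounds it before the copy. Unless the type of d_namlen already guarantees d_namlen <= MAXNAMLEN, check that first and return an error otherwise, so a bad value can never make the copy larger than the caller's struct dirent. The expression sizeof (struct dirent) - MAXNAMLEN + dp->d_namlen also needs a one-line comment: it only includes the terminating NUL if d_name is declared with MAXNAMLEN + 1 bytes, and the d_reclen value that lands in entry will not describe the number of bytes actually copied.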