
Bug#404205: libc6: readdir() return value is not always as documented



Package: libc6
Version: 2.3.2.ds1-22
Severity: normal


The readdir() man page states that readdir() returns a pointer to a struct
dirent, and shows the fields of the dirent structure which include
d_name[256].  It appears, however, that readdir() actually returns a pointer
to within the dirp buffer, and if towards the end of the dirp buffer, the
pointer returned by readdir() may not be accessible through the full
sizeof(struct dirent).  This disallows structure assignments or memcpy of the
entire structure as they cause segmentation violations.

The easiest solution to this problem is probably to change the man page to
indicate that, although the structure has a d_name[256] field, it should be
treated, as with POSIX, as only long enough to hold the file name and its
terminating null character.  Accesses beyond that null byte may cause (and
have been seen in the wild to actually cause) a segmentation violation.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libc6 depends on:
ii  libdb1-compat                 2.1.3-7    The Berkeley database routines [gl

-- no debconf information
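The safe pattern the report points at, shown as an added example that is not part of the bug report or of glibc: copy only the bytes of the entry that are guaranteed to exist (the fixed fields up to d_name, plus the name and its NUL) instead of assigning or memcpy'ing a whole struct dirent. The helper names, the throw-away directory under /tmp and the three file names are assumptions made for the demo.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bytes of a struct dirent that are guaranteed readable: the fixed fields
 * up to d_name, plus the name and its terminating NUL.  readdir() returns
 * a pointer into the DIR's own buffer, and the record there is only as
 * long as the name needs, so reading the full d_name[256] can run past
 * the end of the buffer.  (glibc also stores the real record length in
 * d_reclen, but that field is not portable; the name length is.) */
static size_t dirent_used_size(const struct dirent *e)
{
    return offsetof(struct dirent, d_name) + strlen(e->d_name) + 1;
}

/* Copy one entry into caller-owned storage without reading beyond the
 * name's NUL.  Returns 0 on success, -1 if the name does not fit in dst
 * (possible on platforms where d_name is declared shorter than 256). */
static int dirent_copy(struct dirent *dst, const struct dirent *src)
{
    size_t n = dirent_used_size(src);
    if (n > sizeof *dst)
        return -1;
    memset(dst, 0, sizeof *dst);   /* dst is entirely ours, zeroing is safe */
    memcpy(dst, src, n);           /* src is read only up to the NUL */
    return 0;
}

/* Read `path`, storing every entry except "." and ".." in out[] through
 * dirent_copy().  Returns the number stored, or -1 on error or overflow. */
static int read_dir_entries(const char *path, struct dirent *out, size_t max)
{
    DIR *d = opendir(path);
    if (d == NULL)
        return -1;
    size_t n = 0;
    struct dirent *e;
    errno = 0;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        /* NOT this:  out[n] = *e;   or   memcpy(&out[n], e, sizeof *e);
         * both read sizeof(struct dirent) bytes from e, which for an entry
         * near the end of the DIR buffer is exactly the over-read the bug
         * report describes. */
        if (n == max || dirent_copy(&out[n], e) != 0) {
            closedir(d);
            return -1;
        }
        n++;
    }
    int err = errno;               /* readdir() signals errors via errno */
    closedir(d);
    return err ? -1 : (int)n;
}

/* Self-contained demo: create a throw-away directory holding three files
 * (constructed sample input; the names are arbitrary), read it back with
 * the safe copy, and return how many copied names match what was created.
 * Returns -1 if setup or the read fails. */
int demo_safe_readdir(void)
{
    char dir[] = "/tmp/readdir-demo-XXXXXX";   /* assumes /tmp is writable */
    const char *names[] = { "a", "bb", "ccc" };
    const size_t nnames = sizeof names / sizeof names[0];
    struct dirent entries[8];
    char path[64];
    int matched = 0;
    int n;

    if (mkdtemp(dir) == NULL)
        return -1;
    for (size_t i = 0; i < nnames; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0) { matched = -1; goto cleanup; }
        close(fd);
    }

    n = read_dir_entries(dir, entries, sizeof entries / sizeof entries[0]);
    if (n != (int)nnames) { matched = -1; goto cleanup; }
    for (int i = 0; i < n; i++)
        for (size_t j = 0; j < nnames; j++)
            if (strcmp(entries[i].d_name, names[j]) == 0)
                matched++;

cleanup:
    for (size_t i = 0; i < nnames; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return matched;
}

int main(void)
{
    printf("matched entries: %d\n", demo_safe_readdir());
    return 0;
}
```

Build with `cc -Wall -o readdir-demo readdir-demo.c` and run it; it prints 3. The point of dirent_copy is that the number of bytes read from the readdir() pointer is bounded by the name the kernel actually returned, which is what POSIX guarantees, rather than by the d_name[256] declaration in the header.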
