Bug#404205: libc6: readdir() return value is not always as documented
control: reassign -1 manpages-dev
control: fixed -1 manpages-dev/4.0.5
control: close -1 manpages-dev/4.0.5
Hi,
On 2006-12-22 09:23, Derrell Lipman wrote:
> Package: libc6
> Version: 2.3.2.ds1-22
> Severity: normal
>
>
> The readdir() man page states that readdir() returns a pointer to a struct
> dirent, and shows the fields of the dirent structure which include
> d_name[256]. It appears, however, that readdir() actually returns a pointer
> to within the dirp buffer, and if towards the end of the dirp buffer, the
> pointer returned by readdir() may not be accessible through the full
> sizeof(struct dirent). This disallows structure assignments or memcpy of the
> entire structure as they cause segmentation violations.
>
> The easiest solution to this problem is probably to change the man page to
> indicate that, although the structure has a d_name[256] field, it should be
> treated, as with POSIX, as only long enough to hold the file name and its
> terminating null character. Accesses beyond that null byte may cause (and
> have been seen in the wild to actually cause) a segmentation violation.
So this is actually a documentation issue, and not a glibc one. Given
the manpage is provided by the manpages-dev package, I am reassigning
the bug to there. The issue has been fixed in the meantime, in
manpages-dev version 4.05. Closing the bug accordingly.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://aurel32.net
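The failure described in the report comes from copying sizeof(struct dirent) bytes out of a readdir() result. As an added example (not code from the bug report, glibc or the man page), the C below copies only the fixed header plus the null-terminated name; the function names and the constructed short record built by make_short_entry are assumptions made for illustration.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes guaranteed readable behind a readdir() result: the fixed header
 * plus the name and its terminating null, not sizeof(struct dirent). */
size_t dirent_used_size(const struct dirent *de)
{
    return offsetof(struct dirent, d_name) + strlen(de->d_name) + 1;
}

/* Heap copy that never reads past the name's null byte. The copy is at least
 * sizeof(struct dirent) long, so it may be assigned whole. Caller frees. */
struct dirent *dirent_dup(const struct dirent *de)
{
    size_t used = dirent_used_size(de);
    size_t cap = used > sizeof(struct dirent) ? used : sizeof(struct dirent);
    struct dirent *copy = calloc(1, cap);
    if (copy != NULL)
        memcpy(copy, de, used);
    return copy;
}

/* Constructed test input: a record allocated only as long as its name,
 * like an entry sitting at the very end of the directory buffer. */
struct dirent *make_short_entry(const char *name)
{
    size_t hdr = offsetof(struct dirent, d_name);
    char *raw = calloc(1, hdr + strlen(name) + 1);
    if (raw != NULL)
        strcpy(raw + hdr, name);
    return (struct dirent *)raw;
}

int main(void)
{
    DIR *dir = opendir(".");
    struct dirent *de, *copy;
    if (dir == NULL) return 1;
    while ((de = readdir(dir)) != NULL && (copy = dirent_dup(de)) != NULL) {
        printf("%s: %zu of %zu bytes used\n", copy->d_name,
               dirent_used_size(copy), sizeof *copy);
        free(copy);
    }
    closedir(dir);
    return 0;
}
```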