Commit
1c1a4e41
authored
Sep 17, 2010
by
Rémi Denis-Courmont
Fix potential overflow in vlc_readdir()
parent
fc08208b
Showing
1 changed file
with
26 additions
and
13 deletions
+26
-13
src/text/filesystem.c
src/text/filesystem.c
+26
-13
src/text/filesystem.c
...
...
@@ -38,9 +38,6 @@
#include <stdio.h>
#include <limits.h>
/* NAME_MAX */
#if !defined(NAME_MAX) && defined(_POSIX_NAME_MAX)
# define NAME_MAX _POSIX_NAME_MAX
#endif
#include <errno.h>
#include <sys/types.h>
#include <dirent.h>
...
...
@@ -324,19 +321,35 @@ char *vlc_readdir( DIR *dir )
return
FromWide
(
ent
->
d_name
);
#else
/* Beware that readdir_r() assumes <buf> is large enough to hold the result
* dirent including the file name. A buffer overflow could occur otherwise.
* In particular, pathconf() and _POSIX_NAME_MAX cannot be used here. */
struct
dirent
*
ent
;
struct
{
struct
dirent
ent
;
char
buf
[
NAME_MAX
+
1
];
}
buf
;
int
val
=
readdir_r
(
dir
,
&
buf
.
ent
,
&
ent
);
if
(
val
)
char
*
path
=
NULL
;
long
len
=
fpathconf
(
dirfd
(
dir
),
_PC_NAME_MAX
);
if
(
len
==
-
1
)
{
errno
=
val
;
return
NULL
;
#ifdef NAME_MAX
len
=
NAME_MAX
;
#else
errno
=
ENOMEM
;
return
NULL
;
// OS is broken. There is no sane way to fix this.
#endif
}
return
ent
?
vlc_fix_readdir
(
ent
->
d_name
)
:
NULL
;
len
+=
offsetof
(
struct
dirent
,
d_name
)
+
1
;
struct
dirent
*
buf
=
malloc
(
len
);
if
(
unlikely
(
buf
==
NULL
))
return
NULL
;
int
val
=
readdir_r
(
dir
,
buf
,
&
ent
);
if
(
val
!=
0
)
errno
=
val
;
else
if
(
ent
!=
NULL
)
path
=
vlc_fix_readdir
(
ent
->
d_name
);
free
(
buf
);
return
path
;
#endif
}
...
...
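Review bot: The new allocation size, `len += offsetof (struct dirent, d_name) + 1`, is never raised to at least `sizeof (struct dirent)`, so when fpathconf() reports a small name limit the heap buffer handed to readdir_r() can be smaller than the structure itself. An implementation that stores a whole struct dirent, or keeps fields after d_name, could then write past the allocation; which platforms do so cannot be told from this page, but the guard is cheap: `if ((size_t)len < sizeof (struct dirent)) len = sizeof (struct dirent);` before the malloc(). The NAME_MAX fallback taken when fpathconf() returns -1 is also only a guess, because -1 with errno unchanged means the filesystem reports no limit, and a short comment saying so would help the next reader. vlc_readdir() begins above this hunk, so the Windows branch and the errno contract seen by callers are not visible here.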