[vlc-devel] [PATCH] Possible buffer overflow in vlc_readdir (fixes #9676)

Iwao AVE! harawata at gmail.com
Sat Jan 18 18:37:42 CET 2014

Hi again,

> Then it is not possible for a file name in that directory to exceed 255
> bytes (in the native encoding). By definition.
> So unless the maths VLC performs below the fpathconf() call, is wrong, VLC
> has no bug there.

I see your point. Even Apple's manpage says it returns bytes.

> (Whether readdir_r() is useful is a different question, but if you want to
> remove it, please check it is OK and please remove vlc_readdir() too.)

I thought about it, but wasn't sure if vlc_readdir() is part of the API or not.
If that's not the case, I have no objection about removing it, of course.

But, to replace readdir_r() with readdir(), I may need to answer
Rafaël's questions.
There is only one question I can answer, at the moment.

> ...have you checked that callers of vlc_readdir
> do not share DIR* pointer with another thread?

I simply grep 'vlc_readdir' in the root dir.
And the result of vlc_opendir() is assigned to a local variable in the
same function as the call to vlc_readdir() in all cases except
vlc_loaddir() in ./src/text/filesystem.c.
I am not sure if the directory stream is shared between multiple
thread in the callers of this function.

I will send a new patch once I found answers to all the questions, but
it wouldn't be soon.

I have added a new comment to #9676 with a link to this thread.

Thank you again for your time,

More information about the vlc-devel mailing list