[vlc-devel] [PATCH] Possible buffer overflow in vlc_readdir (fixes #9676)
Iwao AVE!
harawata at gmail.com
Sat Jan 18 18:37:42 CET 2014
Hi again,
> Then it is not possible for a file name in that directory to exceed 255
> bytes (in the native encoding). By definition.
> So unless the maths VLC performs below the fpathconf() call, is wrong, VLC
> has no bug there.
I see your point. Even Apple's manpage says it returns bytes.
https://developer.apple.com/library/mac/documentation/Darwin/Reference/Manpages/man2/fpathconf.2.html
> (Whether readdir_r() is useful is a different question, but if you want to
> remove it, please check it is OK and please remove vlc_readdir() too.)
I thought about it, but wasn't sure if vlc_readdir() is part of the API or not.
If that's not the case, I have no objection to removing it, of course.
But, to replace readdir_r() with readdir(), I may need to answer
Rafaël's questions.
There is only one question I can answer, at the moment.
> ...have you checked that callers of vlc_readdir
> do not share DIR* pointer with another thread?
I simply grepped for 'vlc_readdir' in the root dir.
And the result of vlc_opendir() is assigned to a local variable in the
same function as the call to vlc_readdir() in all cases except
vlc_loaddir() in ./src/text/filesystem.c.
I am not sure if the directory stream is shared between multiple
threads in the callers of this function.
I will send a new patch once I have found answers to all the questions, but
it won't be soon.
p.s.
I have added a new comment to #9676 with a link to this thread.
Thank you again for your time,
Iwao