[vlc-devel] [PATCH] Possible buffer overflow in vlc_readdir (fixes #9676)

Iwao AVE! harawata at gmail.com
Mon Jan 20 15:15:06 CET 2014


As replacing readdir_r() with readdir() is harder than I thought, how
about increasing the buffer size as a workaround for __APPLE__?

     if (len == -1 || len < NAME_MAX)
         len = NAME_MAX;
+#ifdef __APPLE__
+    /*
+     * The returned value is in characters instead of bytes.
+     * Each character could occupy 4 bytes in UTF-8.
+     */
+    len *= 4;
     len += sizeof (*ent) + 1 - sizeof (ent->d_name);
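
Review bot: The #ifdef __APPLE__ opened before the new comment has no matching #endif in the lines shown, so as posted the unchanged line "len += sizeof (*ent) + 1 - sizeof (ent->d_name);" ends up inside the conditional and would be skipped on every non-Apple build, or the file would fail to preprocess. Put the #endif directly after "len *= 4;" so the struct-size adjustment stays unconditional. The multiplication is also unchecked: the test above only raises len to NAME_MAX when it is smaller, so a larger value passes through and is quadrupled; a bound or overflow check before "len *= 4;" would keep the later allocation size well defined.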

I understand there is nothing wrong with the current VLC
implementation and it's an ugly solution to say the least, but it
would be better than having a buffer overflow.
I will send a new patch email if it's worth considering.

Thank you!
