This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Fix readdir_r with long file names
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Florian Weimer <fweimer at redhat dot com>, "Michael Kerrisk (man-pages)" <mtk dot manpages at gmail dot com>, Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: Rich Felker <dalias at aerifal dot cx>, Carlos O'Donell <carlos at redhat dot com>, KOSAKI Motohiro <kosaki dot motohiro at gmail dot com>, libc-alpha <libc-alpha at sourceware dot org>, Roland McGrath <roland at hack dot frob dot com>, linux-man <linux-man at vger dot kernel dot org>
- Date: Tue, 1 Mar 2016 14:41:10 -0800
- Subject: Re: [PATCH] Fix readdir_r with long file names
On 03/01/2016 02:16 PM, Florian Weimer wrote:
>> Why not use a flexible array member for this?
> For which part, and how exactly?

Something like the attached patch, say. (Totally untested.)

> You can't put a flexible array member into a transparent union.

That's OK. Any such usage of struct dirent would be unportable anyway.

> If you mean to add some zero-width padding member at the end of the
> struct, after the d_name member, then I'm worried that makes overrunning
> the d_name array member even more undefined than it already is.

No, no padding member, just use C99 the way it was designed. This
should improve overrun detection in programs like valgrind. With glibc's
current definition these programs can be fooled into thinking that
struct dirent accesses are invalid (outside of array bounds) when they
are actually OK, so people shut off array-bounds checking. If we used
flexible array members, valgrind etc. should know that the array's upper
bound is unknown and should not issue so many false alarms, so people
can leave bounds checking on.
Also, I expect this sort of thing will become more important as GCC
-fbounds-check becomes more practical.
If flexible arrays are no-go for some reason, I suppose we could use
'char d_name[SIZE_MAX - 1000];' instead. That should get people's
attention. :-)
diff --git a/bits/dirent.h b/bits/dirent.h
index 7b79a53..8546c29 100644
--- a/bits/dirent.h
+++ b/bits/dirent.h
@@ -32,7 +32,7 @@ struct dirent
unsigned char d_namlen; /* Length of the file name. */
/* Only this member is in the POSIX standard. */
- char d_name[1]; /* File name (actually longer). */
+ char d_name __flexarr; /* File name. */
};
#ifdef __USE_LARGEFILE64
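Review bot: On the `d_name` line of struct dirent, switching from `[1]` to `__flexarr` changes what `sizeof (struct dirent)` covers, and the new comment drops the "(actually longer)" hint without saying how callers should size storage instead. Code that declares a `struct dirent` object directly, or sizes a buffer from `sizeof (struct dirent)`, has no guaranteed room for the name once `d_name` is a flexible array member. Suggest expanding the comment to state that storage must be sized as `offsetof (struct dirent, d_name)` plus the name length plus one for the terminating NUL, and compile-testing the change, since the message describes the patch as totally untested.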
@@ -42,8 +42,7 @@ struct dirent64
unsigned short int d_reclen;
unsigned char d_type;
unsigned char d_namlen;
-
- char d_name[1];
+ char d_name __flexarr; /* File name. */
};
#endif
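Review bot: The struct dirent64 hunk deletes the blank line between `d_namlen` and `d_name`, an unrelated whitespace change that leaves this struct formatted differently from struct dirent in the hunk above, where the separator and the POSIX comment are kept. Suggest keeping the blank line so the hunk carries only the `[1]` to `__flexarr` change, and either adding the same "Only this member is in the POSIX standard" comment here or leaving the comments as they were, so the two definitions stay parallel.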