mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 22:47:44 +00:00
Kernel+LibC: Don't crash upon traversal of large directories.
This commit is contained in:
parent
7b32afdcfc
commit
86e2348b74
2 changed files with 16 additions and 7 deletions
|
@ -278,8 +278,9 @@ ssize_t FileDescriptor::get_dir_entries(byte* buffer, ssize_t size)
|
|||
if (!metadata.is_directory())
|
||||
return -ENOTDIR;
|
||||
|
||||
// FIXME: Compute the actual size needed.
|
||||
auto temp_buffer = ByteBuffer::create_uninitialized(2048);
|
||||
int size_to_allocate = max(PAGE_SIZE, metadata.size);
|
||||
|
||||
auto temp_buffer = ByteBuffer::create_uninitialized(size_to_allocate);
|
||||
BufferStream stream(temp_buffer);
|
||||
VFS::the().traverse_directory_inode(*m_inode, [&stream] (auto& entry) {
|
||||
stream << (dword)entry.inode.index();
|
||||
|
@ -288,11 +289,12 @@ ssize_t FileDescriptor::get_dir_entries(byte* buffer, ssize_t size)
|
|||
stream << entry.name;
|
||||
return true;
|
||||
});
|
||||
stream.snip();
|
||||
|
||||
if (size < stream.offset())
|
||||
if (size < temp_buffer.size())
|
||||
return -1;
|
||||
|
||||
memcpy(buffer, temp_buffer.pointer(), stream.offset());
|
||||
memcpy(buffer, temp_buffer.pointer(), temp_buffer.size());
|
||||
return stream.offset();
|
||||
}
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue