RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 17:57:35 +00:00
Code Issues Activity Actions

LibC: Fix bugs in the population of dirent members.

Browse source 
While adding new functionality which used the d_reclen member
to copy a dirent, I realized that the value being populated
was incorrect. sys_ent::total_size() function calculates the
size of the sys_ent structure, but dirent is larger than sys_ent.
This causes the malloc to be too small and you end up missing
the end of the copy, which can miss the null terminator
resulting in corrupt dirent names.

Since we don't actually use the variable length member nature
of dirent on other platforms we can just use the full size of
the struct ad the d_reclen value.

Also replace the custom strcpy with the standard version.
This commit is contained in:
Brian Gianforcaro 2021-05-02 01:34:59 -07:00 committed by Andreas Kling
parent 234c6ae32d
commit d4d988532a
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Userland/Libraries/LibC/dirent.cpp
View file

@ -68,11 +68,10 @@ static void create_struct_dirent(sys_dirent* sys_ent, struct dirent* str_ent)
str_ent->d_ino = sys_ent->ino; str_ent->d_ino = sys_ent->ino;
str_ent->d_type = sys_ent->file_type; str_ent->d_type = sys_ent->file_type;
str_ent->d_off = 0; str_ent->d_off = 0;
str_ent->d_reclen = sys_ent->total_size(); str_ent->d_reclen = sizeof(struct dirent);
for (size_t i = 0; i < sys_ent->namelen; ++i)
str_ent->d_name[i] = sys_ent->name[i]; int size = min((sys_ent->namelen + 1) * sizeof(char), sizeof(str_ent->d_name));
// FIXME: I think this null termination behavior is not supposed to be here. [[maybe_unused]] auto n = strlcpy(str_ent->d_name, sys_ent->name, size);
str_ent->d_name[sys_ent->namelen] = '\0';
} }
static int allocate_dirp_buffer(DIR* dirp) static int allocate_dirp_buffer(DIR* dirp)