Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct di
From: Dmitry V. Levin
Subject: Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread
Date: Fri, 4 Feb 2022 03:22:38 +0300

On Fri, Feb 04, 2022 at 03:15:16AM +0300, Vitaly Chikunov wrote:
[...]
> Yes but this will cause another abort() call. I am thinking about v3 fix
> like this:
>
> struct dirent *
> qemu_dirent_dup(struct dirent *dent)
> {
>     size_t sz = 0;
> #if defined _DIRENT_HAVE_D_RECLEN
>     /* Avoid use of strlen() if there's d_reclen. */
>     sz = dent->d_reclen;
> #endif
>     if (sz == 0) {
>         /* Fallback to the most portable way. */
>         sz = offsetof(struct dirent, d_name) +
>              strlen(dent->d_name) + 1;
>     }
>     struct dirent *dst = g_malloc(sz);
>     return memcpy(dst, dent, sz);
> }
>
> Thus it will use strlen for simulated dirents and d_reclen for real ones.

Makes sense.
--
ldv
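
The sizing rule discussed in this message, exercised on both kinds of entry, as an added example that is not part of the original thread or of QEMU's code. It assumes plain `malloc()` in place of `g_malloc()`; the helper names `dirent_copy_size`, `dirent_dup`, `make_simulated_dirent` and `real_entries_dup_ok` are hypothetical, and the "simulated" entry is constructed here with a short allocation and `d_reclen` left at 0.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Number of bytes that may be read from dent without running past it. */
static size_t dirent_copy_size(const struct dirent *dent)
{
    size_t sz = 0;
#if defined _DIRENT_HAVE_D_RECLEN
    sz = dent->d_reclen;            /* set by the libc for real entries */
#endif
    if (sz == 0) {                  /* simulated entry: measure the name */
        sz = offsetof(struct dirent, d_name) + strlen(dent->d_name) + 1;
    }
    return sz;
}

/* Same logic as the quoted proposal; malloc() stands in for g_malloc(). */
static struct dirent *dirent_dup(const struct dirent *dent)
{
    size_t sz = dirent_copy_size(dent);
    struct dirent *dst = malloc(sz);
    return dst ? memcpy(dst, dent, sz) : NULL;
}

/* Constructed "simulated" entry: only as large as its name, d_reclen == 0. */
static struct dirent *make_simulated_dirent(const char *name)
{
    size_t sz = offsetof(struct dirent, d_name) + strlen(name) + 1;
    struct dirent *d = calloc(1, sz);
    if (d) memcpy(d->d_name, name, strlen(name) + 1);
    return d;
}

/* Returns 1 if every real entry in path is duplicated with its full name. */
static int real_entries_dup_ok(const char *path)
{
    DIR *dir = opendir(path);
    struct dirent *e;
    int ok = dir != NULL;
    while (ok && (e = readdir(dir)) != NULL) {
        size_t need = offsetof(struct dirent, d_name) + strlen(e->d_name) + 1;
        struct dirent *c = dirent_dup(e);
        ok = c && dirent_copy_size(e) >= need && strcmp(c->d_name, e->d_name) == 0;
        free(c);
    }
    if (dir) closedir(dir);
    return ok;
}
```

For the short simulated entry the copy size stays below `sizeof(struct dirent)`, which is the case where a fixed-size copy would read past the allocation.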