Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct di
From: Christian Schoenebeck
Subject: Re: [PATCH v2] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread
Date: Fri, 04 Feb 2022 13:12:10 +0100
On Friday, 4 February 2022 01:22:38 CET Dmitry V. Levin wrote:
> On Fri, Feb 04, 2022 at 03:15:16AM +0300, Vitaly Chikunov wrote:
> [...]
>
> > Yes but this will cause another abort() call. I am thinking about v3 fix
> > like this:
> >
> >   struct dirent *
> >   qemu_dirent_dup(struct dirent *dent)
> >   {
> >       size_t sz = 0;
> >   #if defined _DIRENT_HAVE_D_RECLEN
> >       /* Avoid use of strlen() if there's d_reclen. */
> >       sz = dent->d_reclen;
> >   #endif
> >       if (sz == 0) {
> >           /* Fallback to the most portable way. */
> >           sz = offsetof(struct dirent, d_name) +
> >                strlen(dent->d_name) + 1;
> >       }
> >       struct dirent *dst = g_malloc(sz);
> >       return memcpy(dst, dent, sz);
> >   }
> >
> > Thus it will use strlen for simulated dirents and d_reclen for real ones
>
> Makes sense.
Then maybe consider leaving your reviewed-by tag on today's v3, Dmitry,
thanks! :)
Best regards,
Christian Schoenebeck
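
Added example, not part of this thread and not QEMU code: a stand-alone version of the size selection discussed above, using malloc() in place of g_malloc(), run against a constructed "simulated" entry. The names dirent_copy_size, dirent_dup and make_simulated_dirent are hypothetical, and the short allocation with d_reclen left at zero is an assumption about what a simulated entry looks like.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes owned by one entry: d_reclen if present and set, else header + name. */
static size_t dirent_copy_size(const struct dirent *dent)
{
    size_t sz = 0;
#if defined _DIRENT_HAVE_D_RECLEN
    sz = dent->d_reclen;
#endif
    if (sz == 0) {
        sz = offsetof(struct dirent, d_name) + strlen(dent->d_name) + 1;
    }
    return sz;
}

/* Copy exactly that many bytes; *copied reports the size used. */
static struct dirent *dirent_dup(const struct dirent *dent, size_t *copied)
{
    size_t sz = dirent_copy_size(dent);
    struct dirent *dst = malloc(sz);
    if (dst == NULL) return NULL;
    *copied = sz;
    return memcpy(dst, dent, sz);
}

/* Constructed input (assumption): short allocation, d_reclen zeroed by calloc. */
static struct dirent *make_simulated_dirent(const char *name)
{
    size_t sz = offsetof(struct dirent, d_name) + strlen(name) + 1;
    struct dirent *d = calloc(1, sz);
    if (d != NULL) memcpy(d->d_name, name, strlen(name) + 1);
    return d;
}

int main(void)
{
    size_t n = 0;
    struct dirent *sim = make_simulated_dirent("foo");
    struct dirent *copy = sim ? dirent_dup(sim, &n) : NULL;
    int rc = copy ? 0 : 1;
    printf("copied %zu bytes, sizeof(struct dirent) is %zu\n", n, sizeof(*sim));
    free(copy);
    free(sim);
    return rc;
}
```

A copy of sizeof(struct dirent) bytes from the same source would read past the end of the short allocation; the size computed here stays inside it.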