In case when TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64, the last
byte of the target dirent structure (aka d_type byte) was never copied
from the native dirent structure, thus breaking everything that relies
on valid d_type value, e.g. glob(3).
Signed-off-by: Dmitry V. Levin
---
li
In case when TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64, the last
byte of the target dirent structure (aka d_type byte) was never copied
from the host dirent structure, thus breaking everything that relies
on valid d_type value, e.g. glob(3).
Signed-off-by: Dmitry V. Levin
---
li
On Fri, Feb 04, 2022 at 03:15:16AM +0300, Vitaly Chikunov wrote:
[...]
> Yes but this will cause another abort() call. I am thinking about v3 fix
> like this:
>
> struct dirent *
> qemu_dirent_dup(struct dirent *dent)
> {
> size_t sz = 0;
> #if defined _DIRENT_HAVE_D_RECLEN
> /
On Fri, Feb 04, 2022 at 03:15:38PM +0300, Dmitry V. Levin wrote:
> On Fri, Feb 04, 2022 at 08:06:09AM +0300, Vitaly Chikunov wrote:
> > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > than `sizeof(struct dirent)', thus memcpy of sizeof leng
* Avoid use of strlen() if there's d_reclen. */
> +sz = dent->d_reclen;
> +#endif
> +if (sz == 0) {
> +/* Fallback to the most portable way. */
> +sz = offsetof(struct dirent, d_name) +
> + strlen(dent->d_name) + 1;
> +}
> +struct dirent *dst = g_malloc(sz);
> +return memcpy(dst, dent, sz);
> +}
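Review bot: the `sz = dent->d_reclen;` branch uses d_reclen as the memcpy length without any sanity check. The fallback only triggers when the value is exactly 0, so a dirent whose d_reclen is nonzero but smaller than offsetof(struct dirent, d_name) + strlen(dent->d_name) + 1 would be duplicated without its terminating NUL, and later readers of d_name would run past the allocation. Either assert a lower bound of offsetof(struct dirent, d_name) + 1 before the copy, or document in the function comment that callers must pass a dirent whose d_reclen is either valid or zero. As a style point, `struct dirent *dst` is declared after statements; moving it to the top of the function next to `sz` keeps declarations together.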
Reviewed-by: Dmitry V. Levin
--
ldv
On Fri, Feb 04, 2022 at 06:32:07PM +0300, Vitaly Chikunov wrote:
[...]
> > struct dirent *
> > qemu_dirent_dup(struct dirent *dent)
> > {
> > size_t sz = offsetof(struct dirent, d_name) + _D_EXACT_NAMLEN(dent) + 1;
>
> But d_namlen is not populated by synth_direntry, so this will lead to
> a b
On Fri, Feb 04, 2022 at 02:55:45PM +0100, Philippe Mathieu-Daudé wrote:
> On 4/2/22 06:06, Vitaly Chikunov wrote:
> > `struct dirent' returned from readdir(3) could be shorter (or longer)
> > than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
> > into unallocated page causing
On Thu, Dec 27, 2018 at 06:18:19PM +0100, Florian Weimer wrote:
> We have a bit of an interesting problem with respect to the d_off
> field in struct dirent.
>
> When running a 64-bit kernel on certain file systems, notably ext4,
> this field uses the full 63 bits even for small directories (strac