Hi folks,
Should you be allowed to call dirname(3) on the results of a previous
dirname(3) call?
On NetBSD 8:
thoreau 49994> cat dirtest.c
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int
main(void)
{
char *p = "/a/b/c";
while (strlen(p) > 1) {
printf("p = %s\n", p);
p = dirname(p);
}
exit(0);
}
thoreau 49995> cc -o dirtest dirtest.c
thoreau 49996> ./dirtest
p = /a/b/c
p = /a/b
Abort (core dumped)
thoreau 49996>
and also fails Debian 9:
otos 19> ./dirtest
p = /a/b/c
Segmentation fault
otos 20>
but works on NetBSD 6:
backup 67> ./dirtest
p = /a/b/c
p = /a/b
p = /a
backup 68>
On NetBSD 8 the abort is down to line 86 of lib/libc/gen/dirname.c where
for this call to memcpy(3):
memcpy(buf, path, buflen);
buf and path are the same and then the SSP checks in __memcpy_chk()
abort because these (obviously!) overlap.
Is the correct fix to use memmove(3) instead of memcpy(3) inside
dirname(3), or are we restricted by some standard from having dirname(3)
be able to be called on the results of a previous dirname(3) call in
which case we should document this in the manpage?
Cheers,
Simon.
