Opened 5 years ago

Closed 5 years ago

#1097 closed Bug Report (fixed)

Stack overflow in lilv_dir_for_each()

Reported by: Matt Fischer
Owned by: David Robillard
Priority: major
Component: Lilv
Keywords:
Cc:

Description

The lilv_dir_for_each() function uses readdir() to iterate across the contents of a directory. However, there is a potential for a stack overflow, depending on how the operating system implements the dirent structure. POSIX does not specify the length of the d_name field in the structure--it instead suggests that for readdir calls, the user manually allocate a buffer with enough space to contain the filename (see e.g. http://man7.org/linux/man-pages/man3/readdir.3.html#NOTES). On Linux, this generally isn't a problem, because the dirent structure allocates 256 bytes of space to the d_name field, but on QNX it is only declared as an array of length 1, so the code currently in place will cause stack overflows for essentially any filename when run on that platform.

I've attached a patch which implements the technique suggested in the readdir() manpage mentioned above, which seems to eliminate the problem.

Attachments (1)

0001-Fix-stack-overflow.patch (809 bytes) - added by Matt Fischer 5 years ago.


Change History (2)

Changed 5 years ago by Matt Fischer

comment:1 Changed 5 years ago by David Robillard

Resolution: fixed
Status: new → closed

Applied in r5750, thanks.
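
The buffer-sizing technique from the readdir() man page that the report refers to, as an added example (not the attached patch and not lilv's code). It assumes the call involved is readdir_r(), which fills a caller-supplied struct dirent; dirent_buf_size, track_longest and dir_for_each are hypothetical names.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Deprecated in glibc; used because it fills a caller-supplied dirent. */
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"

/* Bytes needed for a dirent that can hold any name under `path`.
   sizeof(struct dirent) is too small where d_name is declared char[1]. */
static size_t dirent_buf_size(const char *path)
{
    long name_max = pathconf(path, _PC_NAME_MAX);
    if (name_max == -1)               /* limit undefined or error: guess */
        name_max = 255;
    return offsetof(struct dirent, d_name) + (size_t)name_max + 1;
}

/* Example callback: remembers the longest entry name seen. */
static void track_longest(const char *name, void *data)
{
    size_t *longest = data;
    if (strlen(name) > *longest)
        *longest = strlen(name);
}

/* Hypothetical helper, not lilv's function: calls f for every entry in
   path; returns the number of entries visited, or -1 on error. */
static int dir_for_each(const char *path,
                        void (*f)(const char *, void *), void *data)
{
    DIR *dir = opendir(path);
    struct dirent *entry = dir ? malloc(dirent_buf_size(path)) : NULL;
    struct dirent *result = NULL;
    int count = entry ? 0 : -1;
    /* Overflowing form: a stack `struct dirent entry;` passed as &entry. */
    while (entry && readdir_r(dir, entry, &result) == 0 && result) {
        f(result->d_name, data);
        count++;
    }
    free(entry);
    if (dir) closedir(dir);
    return count;
}

int main(void)
{
    size_t longest = 0;
    return dir_for_each(".", track_longest, &longest) < 0;
}
```

Plain readdir() returns a pointer to storage owned by the directory stream, so it needs no caller-sized buffer.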
