From: "Philippe Mathieu-Daudé via" <qemu-devel@nongnu.org>
To: "Dmitry V. Levin" <ldv@altlinux.org>,
	Vitaly Chikunov <vt@altlinux.org>, Greg Kurz <groug@kaod.org>
Cc: Christian Schoenebeck <qemu_oss@crudebyte.com>,
	qemu-devel@nongnu.org, qemu-stable@nongnu.org
Subject: Re: [PATCH v3] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread
Date: Fri, 4 Feb 2022 16:54:12 +0100	[thread overview]
Message-ID: <5c9d8b95-30ec-0801-ab26-51f40958b357@amsat.org> (raw)
In-Reply-To: <20220204155059.GA18407@altlinux.org>

On 4/2/22 16:50, Dmitry V. Levin wrote:
> On Fri, Feb 04, 2022 at 06:32:07PM +0300, Vitaly Chikunov wrote:
> [...]
>>> struct dirent *
>>> qemu_dirent_dup(struct dirent *dent)
>>> {
>>>      size_t sz = offsetof(struct dirent, d_name) + _D_EXACT_NAMLEN(dent) + 1;
>>
>> But d_namlen is not populated by synth_direntry, so this will lead to
>> a bug too. Idea is that qemu_dirent_dup handles real dirents and
>> simulated (underpopulated) dirents.
>>
>> Also Linux does not have d_namlen AFAIK, thus this code will not provide
>> any speed up in most cases (and always fallback to strlen), unlike if we
>> use d_reclen.
>>
>> Also, I'm not sure if _D_EXACT_NAMLEN is defined on all systems, so this
>> needs ifdefs too.
> 
> Yes, _D_EXACT_NAMLEN() is a GNU extension, it was introduced in glibc
> back in 1996 but some popular libcs available for Linux do not provide
> this macro.

Can't we define _D_EXACT_NAMLEN() if not available?
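
As an added illustration of the portability point raised in this thread (this is not code from the patch or from QEMU), the block below computes the duplicate's size with _D_EXACT_NAMLEN() when the libc provides it and otherwise defines a strlen()-based fallback, then copies only the header, the name and its terminating NUL so that a short, synthetic entry that never set d_reclen is not overread. The function names dirent_alloc_size, dirent_dup_portable, dirent_alloc_size_for_name and dirent_dup_selftest, and the entry name used by the self-test, are assumptions made for this example.

```c
/*
 * Added example, not QEMU code: portable duplication of a struct dirent
 * whose only guaranteed-valid bytes are the fixed header and the
 * NUL-terminated d_name.  Function names here are hypothetical.
 */
#include <dirent.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* _D_EXACT_NAMLEN() is a GNU extension; libcs without it get the
 * strlen() fallback, which is also what glibc uses when there is no
 * d_namlen field (the Linux case). */
#ifndef _D_EXACT_NAMLEN
#define _D_EXACT_NAMLEN(d) strlen((d)->d_name)
#endif

/* Bytes needed for a copy of 'dent': fixed header + name + NUL.
 * d_reclen is deliberately not consulted, because a synthetic
 * (underpopulated) entry built in memory need not have set it. */
size_t dirent_alloc_size(const struct dirent *dent)
{
    return offsetof(struct dirent, d_name) + _D_EXACT_NAMLEN(dent) + 1;
}

/* Copy exactly the bytes known to be valid, so the read never runs
 * past the end of a source entry shorter than sizeof(struct dirent). */
struct dirent *dirent_dup_portable(const struct dirent *dent)
{
    size_t sz = dirent_alloc_size(dent);
    struct dirent *copy = malloc(sz);
    if (copy == NULL) {
        return NULL;
    }
    memcpy(copy, dent, sz);
    return copy;
}

/* Size needed for an entry named 'name' (builds a zeroed, constructed
 * entry so the computation can be checked without touching a real
 * directory). */
size_t dirent_alloc_size_for_name(const char *name)
{
    struct dirent tmp;
    memset(&tmp, 0, sizeof(tmp));
    strncpy(tmp.d_name, name, sizeof(tmp.d_name) - 1);
    return dirent_alloc_size(&tmp);
}

/* Self-test: duplicate a constructed synthetic entry that has only
 * d_name set (d_ino/d_reclen left zero) and verify the copy.
 * Returns 1 on success, 0 on failure. */
int dirent_dup_selftest(void)
{
    struct dirent synth;
    memset(&synth, 0, sizeof(synth));
    strcpy(synth.d_name, "synthetic-entry");   /* constructed name */

    struct dirent *copy = dirent_dup_portable(&synth);
    if (copy == NULL) {
        return 0;
    }
    int ok = strcmp(copy->d_name, "synthetic-entry") == 0
          && copy->d_reclen == 0;   /* header copied as-is, not invented */
    free(copy);
    return ok;
}
```

The copy is intentionally no larger than header plus name: the allocation mirrors what a libc readdir() hands back, and the caller that later uses the copy must treat it the same way (read d_name up to the NUL, never assume sizeof(struct dirent) bytes are present).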

Thread overview: 18+ messages
2022-02-04  5:06 [PATCH v3] 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread Vitaly Chikunov
2022-02-04 12:08 ` Christian Schoenebeck
2022-02-04 12:15 ` Dmitry V. Levin
2022-02-04 12:17   ` Dmitry V. Levin
2022-02-04 13:55 ` Philippe Mathieu-Daudé via
2022-02-04 14:12   ` Christian Schoenebeck
2022-02-04 15:16     ` Greg Kurz
2022-02-04 15:32       ` Vitaly Chikunov
2022-02-04 15:50         ` Dmitry V. Levin
2022-02-04 15:54           ` Philippe Mathieu-Daudé via [this message]
2022-02-04 16:04             ` Christian Schoenebeck
2022-02-04 19:31               ` Philippe Mathieu-Daudé via
2022-02-04 15:33       ` Christian Schoenebeck
2022-02-04 16:19   ` Dmitry V. Levin
2022-02-05  3:23     ` Vitaly Chikunov
2022-02-05  5:58     ` Greg Kurz
2022-02-05 11:36 ` Christian Schoenebeck
2022-02-05 11:58   ` Philippe Mathieu-Daudé via
