public
/
FUZIX.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
d114115
)
readdir: string length bug fix
author
b2m
<>
Wed, 3 Dec 2014 21:35:30 +0000
(16:35 -0500)
committer
Alexander Tsidaev
<a.tsidaev@gmail.com>
Wed, 3 Dec 2014 21:35:30 +0000
(16:35 -0500)
If len is 32 (maximum possible value), then we going to write at buf->d_name[31]. Since the d_name length is 31, write is performed outside the string boundaries.
Library/libs/readdir.c
patch
|
blob
|
history
diff --git
a/Library/libs/readdir.c
b/Library/libs/readdir.c
index
e326dfe
..
44f0afe
100644
(file)
--- a/
Library/libs/readdir.c
+++ b/
Library/libs/readdir.c
@@
-34,6
+34,6
@@
struct dirent *readdir(DIR * dir)
buf->d_off = -1; /* FIXME */
buf->d_reclen = len + 1;
strncpy(buf->d_name, (char *) direntry.d_name, len - 2);
- buf->d_name[len -
1
] = 0;
+ buf->d_name[len -
2
] = 0;
return buf;
}