This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
If not using smallbuf and len > sizeof(d_name), Move() is illegal.
authorJarkko Hietaniemi <jhi@iki.fi>
Wed, 3 Feb 2016 14:53:54 +0000 (09:53 -0500)
committerJarkko Hietaniemi <jhi@iki.fi>
Sun, 7 Feb 2016 13:23:46 +0000 (08:23 -0500)
commit1d41bb72a83da5edae35c341de2a89563c136fe7
treecba59df120cc39e9d2f95ff600ff7f38b8422d9f
parent12bea05d2512457020ef26833c802cb21cd5632e
If not using smallbuf and len > sizeof(d_name), Move() is illegal.

Coverity CID 135024: Out-of-bounds access (OVERRUN)

If the len is not <= sizeof(smallbuf), the len is at least
sizeof(smallbuf) + 1, which means at least 257.  Now, if the
sizeof(dirent->d_name) is < 257, the Move() would access bytes
beyond the end of d_name[].  Yes, this would need for the d_namlen
(for example) to be out of sync with d_name[].  But paranoia is good.

Because of the severity of the problem (indicating serious mess),
returning NULL instead of partial result is probably better.

Possible portability problem: can d_name ever be not an array,
but instead a bare char pointer?  If that can happen, the sizeof(d_name)
is wrong, and in that case we have to have some other way of figuring
out the maximum size for a directory entry name.

The smallbuf probably could/should be of size MAXPATHLEN.
sv.c