list_files() memory corruption?
I think I have a fix that avoids the problem by just growing the vector as necessary as the directory is traversed (and no longer uses count_lines()). I don't have access to the code at the moment, but I should be able to post the patch tomorrow. Is there interest in my patch?
On Mon, Mar 15, 2010 at 8:06 PM, Seth Falcon <seth at userprimary.net> wrote:
Hi Alistair,

On 3/12/10 4:37 PM, Alistair Gee wrote:
I am using R-2-10 from subversion. In the implementation of do_listfiles() in platform.c, it appears to allocate a vector of length count where count is calculated by count_files(). It then proceeds to call list_files(), passing in the vector but not the value of count. Yet list_files() doesn't seem to check the length of the vector that was allocated. What happens if a new file was added to the file system between the call to count_files() and list_files()? Doesn't this write past the length of the allocated vector?
Good catch. I've added a length check to prevent a problem.

Cheers,
+ seth
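The count-then-fill pattern Alistair describes, placed beside both remedies raised in the thread (Seth's length check and Alistair's grow-as-you-go vector), as an added C example. This is not R's platform.c and not code from either poster: the in-memory stand-in for a directory, the function names, and the "a file appears between the two passes" scenario are all constructed here so the race can be forced deterministically rather than waited for on a real filesystem.

```c
/* Added example, not R's platform.c. Models the count_files()/list_files()
 * pattern from the thread on a constructed in-memory "directory" so the
 * race between the two passes can be triggered on purpose. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a directory: a list of entry names. A real
 * directory can change between two traversals; here the change is made
 * explicitly between the counting pass and the listing pass. */
typedef struct {
    const char *names[16];
    size_t n;
} fake_dir;

/* First pass: count the entries (analogue of count_files()). */
size_t count_files(const fake_dir *d) { return d->n; }

/* The defect as described in the thread: the listing pass is handed the
 * vector but not its capacity, so it trusts the stale count. If an entry
 * was added in between, the write at index cap is out of bounds. Shown for
 * contrast only; calling it with an undersized buffer is undefined behaviour. */
void list_files_unchecked(const fake_dir *d, const char **out) {
    for (size_t i = 0; i < d->n; i++)
        out[i] = d->names[i];       /* no bound check against the allocation */
}

/* Fix 1 (length check): the capacity travels with the buffer and is honoured.
 * Returns the number of entries stored; *dropped receives how many did not
 * fit, so the caller can see that the count went stale instead of silently
 * corrupting memory. */
size_t list_files_checked(const fake_dir *d, const char **out, size_t cap, size_t *dropped) {
    size_t stored = 0;
    for (size_t i = 0; i < d->n; i++) {
        if (stored >= cap) break;   /* stop at the allocated length */
        out[stored++] = d->names[i];
    }
    *dropped = d->n - stored;
    return stored;
}

/* Fix 2 (grow as you go): no separate counting pass at all. The vector is
 * reallocated as entries are found, so it can never be undersized relative
 * to what was actually traversed. Caller frees the result. */
const char **list_files_growing(const fake_dir *d, size_t *count) {
    size_t cap = 0, n = 0;
    const char **out = NULL;
    for (size_t i = 0; i < d->n; i++) {
        if (n == cap) {
            size_t ncap = cap ? cap * 2 : 4;
            const char **tmp = realloc(out, ncap * sizeof *out);
            if (!tmp) { free(out); *count = 0; return NULL; }
            out = tmp;
            cap = ncap;
        }
        out[n++] = d->names[i];
    }
    *count = n;
    return out;
}

/* Simulates the race: a new file shows up after the count was taken. */
void add_entry(fake_dir *d, const char *name) {
    if (d->n < 16) d->names[d->n++] = name;
}

/* Drives the scenario with the length-checked listing. Returns how many
 * entries had to be dropped because the buffer was sized from a stale count. */
size_t run_scenario(void) {
    fake_dir d = { { "a.R", "b.R", "c.R" }, 3 };
    size_t count = count_files(&d);             /* 3 */
    const char **vec = malloc(count * sizeof *vec);
    if (!vec) return 0;
    add_entry(&d, "d.R");                       /* directory changed: now 4 entries */
    size_t dropped = 0;
    size_t stored = list_files_checked(&d, vec, count, &dropped);
    printf("stored %zu of %zu entries, %zu dropped\n", stored, d.n, dropped);
    free(vec);
    return dropped;
}

int main(void) {
    run_scenario();
    fake_dir d = { { "x.R", "y.R" }, 2 };
    size_t n = 0;
    const char **v = list_files_growing(&d, &n);
    printf("growing listing holds %zu entries\n", n);
    free(v);
    return 0;
}
```

The length-checked variant is the minimal fix: it converts a heap overflow into a detectable shortfall (`dropped` becomes non-zero), which the caller can turn into a retry or an error. The growing variant removes the stale count altogether, which is why it is the more robust of the two whenever the directory can change under the traversal.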