Message-ID: <e63850351003152037k1dbde4c1o2ba9c51ecd02fb4d@mail.gmail.com>
Date: 2010-03-16T03:37:35Z
From: Alistair Gee
Subject: list_files() memory corruption?
In-Reply-To: <4B9EF5D2.8010107@userprimary.net>

I think I have a fix that avoids the problem by just growing the
vector as necessary as the directory is traversed (and no longer uses
count_lines()).

I don't have access to the code at the moment, but I should be able to
post the patch tomorrow. Is there interest in my patch?

On Mon, Mar 15, 2010 at 8:06 PM, Seth Falcon <seth at userprimary.net> wrote:
> Hi Alistair,
>
> On 3/12/10 4:37 PM, Alistair Gee wrote:
>> I am using R-2-10 from subversion.
>>
>> In the implementation of do_listfiles() in platform.c, it appears to
>> allocate a vector of length count where count is calculated by
>> count_files(). It then proceeds to call list_files(), passing in the
>> vector but not the value of count. Yet list_files() doesn't seem to
>> check the length of the vector that was allocated.
>>
>> What happens if a new file was added to the file system between the
>> call to count_files() and list_files()? Doesn't this write past the
>> length of the allocated vector?
>
> Good catch. I've added a length check to prevent a problem.
>
> Cheers,
>
> + seth
>
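The two fixes discussed in this thread, as an added example that is not R's platform.c code: an in-memory stand-in for a directory that gains an entry between the count pass and the list pass, a bounded list_files() in the spirit of the length check, and a grow-as-you-go version in the spirit of the proposed patch. All names (snap_before, snap_after, file_vec, list_files_bounded, list_files_growing, race_bounded) and the sample entries are constructed for this example.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for a directory that changes between the count pass
 * and the list pass: "d.txt" exists only in the second snapshot. */
static const char *snap_before[] = {".hidden", "a.txt", "b.txt", "c.txt"};
static const char *snap_after[]  = {".hidden", "a.txt", "b.txt", "c.txt", "d.txt"};
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Stand-in for count_files(): number of non-hidden entries in one snapshot. */
size_t count_files(const char **dir, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) if (dir[i][0] != '.') c++;
    return c;
}

/* Fix 1, the length check: never store beyond cap; entries that appeared
 * after the count are dropped, and the caller learns how many were kept. */
size_t list_files_bounded(const char **dir, size_t n, const char **out, size_t cap) {
    size_t k = 0;
    for (size_t i = 0; i < n && k < cap; i++)
        if (dir[i][0] != '.') out[k++] = dir[i];
    return k;
}

/* Fix 2, grow as the directory is traversed: no pre-count, so no window
 * in which the directory can change underneath a fixed-size allocation. */
typedef struct { const char **names; size_t count, cap; } file_vec;
int list_files_growing(const char **dir, size_t n, file_vec *v) {
    for (size_t i = 0; i < n; i++) {
        if (dir[i][0] == '.') continue;
        if (v->count == v->cap) {             /* full: double the capacity */
            size_t ncap = v->cap ? v->cap * 2 : 4;
            const char **tmp = realloc(v->names, ncap * sizeof *tmp);
            if (!tmp) return -1;              /* vector stays valid on failure */
            v->names = tmp; v->cap = ncap;
        }
        v->names[v->count++] = dir[i];
    }
    return 0;
}

/* The race from the thread: count on the old snapshot, list the new one. */
size_t race_bounded(void) {
    size_t cap = count_files(snap_before, LEN(snap_before));       /* 3 */
    const char **buf = malloc(cap * sizeof *buf);
    size_t got = buf ? list_files_bounded(snap_after, LEN(snap_after), buf, cap) : 0;
    free(buf);
    return got;                       /* 3 entries kept, no write past buf */
}
```

The bounded version silently drops the late-arriving entry, which is safe but incomplete; the growing version returns all four and needs no count_files() pass at all.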