Hello, On Sun, 15 May 2011, Cristian Rodríguez wrote:
El 10/05/11 15:15, David Haller escribió:
==== Top of file: ==== #ifndef _POSIX_SOURCE #define _POSIX_SOURCE 1 #endif #include <limits.h> #include <errno.h> [..: former line 373] #else char filename[NAME_MAX], subdir[PATH_MAX]; [..] if (retval) break; retval = snprintf(subdir, PATH_MAX-2, "%s/%s", dirpath, filename); if(retval >= PATH_MAX-2) { errno = ENAMETOOLONG; perror(""); /* oder so ähnlich */ break; } [..] ====
Someone who knows C better should check that though. AFAIK the limit of PATH_MAX-2 ('/' + '\0' + dirpath (w/o '\0') + filename (w/o '\0')) should be ok, but ...
There is other problems with this stuff that upstream has to fix, see the function definition
int dir_size(const char* dirpath, double& size, bool recurse) .. that's going to fail with an integer overflow sooner or later...
** off_t *** dir_size ... and fix the underlying code that is not going to handle stuff correctly in its currrent incarnation...
I'm not that good a C programmer, especially with such stuff, I can identify the problem at times, but fixing it only in really trivial cases[1]. A test program here even failed even with snprintf (but I was tired when I did that, as I'm now). So, better someone experienced should fix that function (and possibly the Windows part as well). Upstream? Maybe something more like a check before snprintf? if( (size_t)(PATH_MAX-2) <= ( strlen(dirpath) + strlen(filename) ) ) { errno = ENAMETOOLONG; perror(""); break; } retval = snprintf(subdir, PATH_MAX-2, "%s/%s", dirpath, filename); if(retval >= PATH_MAX-2 || retval < 0 ) { errno = ENAMETOOLONG; perror(""); exit(errno); } Remember, with stuff like that, I'm a layman. -dnh [1] e.g. a classic _and_ easily identifiable off-by-one error -- But, as we all know, "robust" and "stable" have different meanings in the computer industry. "robust": Probably won't fall over if a gnat farts nearby (unless the gnat is near a sensitive spot). "stable": no longer updated or supported by the manufacturer. -- Steve VanDevender -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org