
"Takeshi Mouri" <takeshi.mouri.net@green.ocn.ne.jp> wrote in message news:B7C6048A94ECDFtakeshi.mouri.net@green.ocn.ne.jp...
> Hello,
> On boost 1.33.0 or later, class directory_iterator is implemented with readdir_r() on some POSIX platforms. readdir_r() requires a memory buffer that is larger than offsetof(dirent, d_name) + pathconf(dirname, _PC_NAME_MAX) + 1. But in operations.cpp, the size used is sizeof(dirent).
> On some platforms such as Linux, FreeBSD and Cygwin, the size of the d_name member is 256. This is enough in many cases. OTOH, the size on Solaris and BeOS is 1. Therefore directory_iterator always causes a buffer overflow.
Ouch! I was misreading the POSIX spec.
> See also: http://thread.gmane.org/gmane.comp.lib.boost.devel/115104 http://womble.decadentplace.org.uk/readdir_r-advisory.html
> In the article above, calling readdir_r() after pathconf() has a race condition, so it is necessary to reserve a size that seems likely to be enough.
> Possibly, this problem might cause http://thread.gmane.org/gmane.comp.lib.boost.devel/135820
The same thought occurred to me. I'll try to get a fix in tomorrow. Thanks for the report, --Beman
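An added example (my own code, not Boost's operations.cpp): it sizes the readdir_r() buffer the way the advisory linked above recommends, using offsetof(struct dirent, d_name) plus the directory's NAME_MAX plus 1, clamped so that a failed or racy pathconf() answer can never shrink it below sizeof(struct dirent) or below 255 characters, and it shows the check that a plain sizeof(struct dirent) buffer fails on platforms where d_name is declared with length 1. The 255 floor is an assumption chosen to match the common Linux/BSD d_name[256] layout.

```c
#include <stddef.h>
#include <limits.h>
#include <dirent.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>

#pragma GCC diagnostic ignored "-Wdeprecated-declarations" /* readdir_r is deprecated on glibc */

/* Buffer size that is safe to hand to readdir_r() for entries of dirpath. */
size_t dirent_buf_size(const char *dirpath) {
    long name_max = -1;
    errno = 0;
    name_max = pathconf(dirpath, _PC_NAME_MAX);   /* -1 on error or "no limit" */
    if (name_max == -1) {
#ifdef NAME_MAX
        name_max = NAME_MAX;                       /* fall back to the compile-time limit */
#else
        name_max = 255;                            /* assumption: common floor */
#endif
    }
    if (name_max < 255) name_max = 255;            /* racy or tiny answers cannot shrink us */
    size_t needed = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    if (needed < sizeof(struct dirent)) needed = sizeof(struct dirent);
    return needed;
}

/* 1 if the sizeof(dirent) buffer used in the old operations.cpp would be large
 * enough here, 0 if it would overflow (d_name[1] platforms such as Solaris). */
int sizeof_dirent_suffices(const char *dirpath) {
    return sizeof(struct dirent) >= dirent_buf_size(dirpath);
}

/* Count entries with readdir_r() using a correctly sized buffer; -1 on error. */
long count_entries(const char *dirpath) {
    DIR *d = opendir(dirpath);
    if (d == NULL) return -1;
    struct dirent *buf = malloc(dirent_buf_size(dirpath));
    if (buf == NULL) { closedir(d); return -1; }
    struct dirent *result = NULL;
    long n = 0;
    while (readdir_r(d, buf, &result) == 0 && result != NULL) n++;
    free(buf);
    closedir(d);
    return n;
}
```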