13 Dec
2004
13 Dec
'04
11:34 a.m.
I wrote:
+ // The required buffer size is the size that struct dirent would + // have were its d_name array to be long enough - which it might + // not be. + const std::size_t buf_len = sizeof( struct dirent ) + - sizeof( ( (struct dirent *) 0 )->d_name ) + + ::pathconf( dir, _PC_NAME_MAX ) + 1;
Oops, this isn't safe; there's a potential race condition that could result in buffer overflow. Replace the pathconf call-expression with just NAME_MAX and it should be OK. Ben. -- Ben Hutchings Klipstein's 4th Law of Prototyping and Production: A fail-safe circuit will destroy others.