D8413: Filelight crashes if readdir returns very long file name

Aleksei Nikiforov noreply at phabricator.kde.org
Sun Oct 22 08:04:30 UTC 2017


i.Dark_Templar created this revision.
i.Dark_Templar added reviewers: sitter, kfunk.
Restricted Application added a subscriber: kde-utils-devel.

REVISION SUMMARY
  While it's usually stated that 'struct dirent' has member 'char d_name[PATH_MAX + 1]', it is possible to obtain results where this field contains a string longer than PATH_MAX + 1. Stringbuilder in that case would copy only the first PATH_MAX + 1 bytes, and wouldn't add a zero terminator to this copied string, which would eventually lead to a crash.
  
  How to reproduce:
  
  1. use an ntfs filesystem (for example, via ntfs-3g)
  
  The ntfs filesystem uses a maximum number of characters to restrict file name length, not bytes, and a character may be longer than 1 byte.
  
  2. create a file with a name of > 255 bytes, but less than 255 characters. Use non-ascii characters for that and a UTF-8 locale.
  
  It's too long a filename for a Linux filesystem, but actually a valid name for an ntfs filesystem.
  In my case, I hit a file with a name of 166 characters and 264 bytes (not including the zero terminator).
  
  3. run filelight on a filesystem containing that file and see it crash.
  
  What should happen:
  Filelight should run fine, and if struct dirent::d_name is longer than PATH_MAX, it should work fine with it.

REPOSITORY
  R352 Filelight

REVISION DETAIL
  https://phabricator.kde.org/D8413

AFFECTED FILES
  src/localLister.cpp

To: i.Dark_Templar, sitter, kfunk
Cc: kde-utils-devel
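
The failure mode described in the revision summary, as an added example in C (not Filelight's code and not the patch under review): a copy bounded by sizeof(d_name) loses its terminator on an over-long name, while a copy sized from strlen(d_name) does not. It assumes a libc that declares d_name as a fixed-size array (as glibc does on Linux); make_entry is a hypothetical helper that builds a constructed record with the 166-character, 264-byte shape mentioned above.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a readdir() result: `wide` two-byte UTF-8
 * characters followed by `ascii` ASCII ones, stored past the declared
 * d_name array when long. Hypothetical helper, not a libc function. */
struct dirent *make_entry(size_t wide, size_t ascii)
{
    char *raw = calloc(1, sizeof(struct dirent) + 2 * wide + ascii + 1), *p;
    if (!raw) return NULL;
    p = raw + offsetof(struct dirent, d_name);
    for (size_t i = 0; i < wide; i++) { *p++ = (char)0xD0; *p++ = (char)0xB6; }
    memset(p, 'a', ascii);              /* calloc supplied the terminator */
    return (struct dirent *)raw;
}

/* UTF-8 code points: every byte that is not a 10xxxxxx continuation. */
size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s; s++) n += ((unsigned char)*s & 0xC0) != 0x80;
    return n;
}

/* Failure mode: a copy bounded by sizeof(d_name) may hold no terminator. */
int fixed_copy_is_terminated(const struct dirent *e)
{
    char copy[sizeof e->d_name];
    memcpy(copy, e->d_name, sizeof copy);
    return memchr(copy, '\0', sizeof copy) != NULL;
}

/* Robust form: size the result from strlen(d_name), not from the array. */
char *join_path(const char *dir, const struct dirent *e)
{
    size_t dl = strlen(dir), nl = strlen(e->d_name);
    char *out = malloc(dl + 1 + nl + 1);
    if (!out) return NULL;
    memcpy(out, dir, dl);
    out[dl] = '/';
    memcpy(out + dl + 1, e->d_name, nl + 1);  /* includes the NUL */
    return out;
}
```

For make_entry(98, 68) the name is 166 characters and 264 bytes: fixed_copy_is_terminated returns 0, and join_path still returns the complete, terminated path.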