File and directory primitives are severely broken
Ian Piumarta
piumarta at speakeasy.net
Mon Apr 24 22:06:48 UTC 2006
Many of the file primitives allocate 1000-byte buffers for path names
and pass their address to functions defined in support code, without
passing their length or in any way trying to agree with support code
about what the maximum length of a path name should be. Directory
primitives are worse: in one place a 256-byte buffer is allocated on
the stack and expected to be sufficient for any directory entry.
Here's the portable way to fix this without changing any of the APIs.
I suggest everyone who maintains a platform check that they do indeed
have <limits.h> (its availability is mandated by ANSI C) and once
nobody reports it missing that this header file be included at the
beginning of sq.h. All occurrences of
char buf[1000];
or
char entryName[256];
that allocate space for path names in the file and directory prims
should then be changed to read
char buf[PATH_MAX];
before one of these ticking time bombs explodes in someone's face.
FWIW: The Unix VM uses PATH_MAX religiously when checking for over-
length, or allocating space for, path names. (This is the correct
thing to do.) On OS X PATH_MAX is 1024; on Linux it's 4096.
Cheers,
Ian
More information about the Vm-dev
mailing list