https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85773
Bug ID: 85773
Summary: Embedded nulls in filesystem::path cause problems
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
Target Milestone: ---
#include <filesystem>
int main()
{
std::filesystem::create_directories("a/b");
std::string s("a\0/..", 5);
for (auto f : std::filesystem::recursive_directory_iterator(s))
{ }
}
$ GCC 8 -std=c++17 null.cc -lstdc++fs
$ ./a.out
terminate called after throwing an instance of
'std::filesystem::__cxx11::filesystem_error'
what(): filesystem error: cannot increment recursive directory iterator: Too
many open files
Aborted (core dumped)
The problem is that we call opendir(pathname.c_str()) which only reads up to
the null terminator, so we open "a" but then the pathname for the first
element in the iteration sequence is formed by concatenating "a\0/.." / "b" and
then recursing by calling opendir(path("a\0/../b").c_str()) which opens "a"
again. This keeps looping, opening "a" every time until we reach the ulimit for
open files.
