On Thu, 7 Sep 2000, Tom Oehser wrote:

> At line 355 of namelist.c is:
> 
>    strcat(name, d->d_name);
> 
> which is what is segfaulting.  But:
> 
>    strncat(name, d->d_name, strlen(d->d_name));
> 
> does not segfault.

This does not put a terminating null on the name.  When all your I/O goes
well, this is not a problem, because of the memset on line 331.  It does,
however, introduce a new bug, which can lead to corrupt names in the
following case:

1) You construct a relatively long name
2) PAX_lstat fails on line 377
3) When you move on to the next name, it is shorter than the previous one.

For example, if you had "tomsrtbt/oesehr" as the first name, and then
"tomsrtbt/tom" as the second one, you would have a string which was
"tomsrtbt/tomehr".

It can also happen if opendir fails on line 421 and causes you to ascend
the directory hierarchy, shortening the name.

The solution is to add the terminating null after line 355:

    name[strlen(curr_dir->dirname) + strlen(d->d_name)] = '\0';

Or to move the memset from line 331 down into the loop.

Performance would seem to indicate the first choice.

-Conan
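The corruption sequence described in the reply above, as an added stand-alone example that is not code from the original message or from the program being discussed. It models a `name` buffer that is zeroed once before the loop and then reused for every directory entry; the append is modelled with `memcpy` that deliberately writes no terminator, so the reader can see the leftover tail appear, and the one-line terminator fix from the message sits beside it. The directory name `tomsrtbt/` and entries `oesehr` and `tom` are the constructed values from the message; a bounded `snprintf` variant is added as the usual hardened form.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64

/* Reused buffer: cleared once before the loop (the memset in the thread),
   not between entries. Constructed example state, not the program's own. */
static char name[NAME_BUF];

/* Append "<dir><entry>" into name WITHOUT writing a terminator after the
   entry. This models the failure mode discussed in the message. */
static size_t build_unterminated(const char *dir, const char *entry)
{
    size_t dlen = strlen(dir), elen = strlen(entry);
    memcpy(name, dir, dlen);
    memcpy(name + dlen, entry, elen);   /* no '\0' written here */
    return dlen + elen;
}

/* Same append, followed by the explicit terminator proposed in the message:
   name[strlen(dir) + strlen(entry)] = '\0'. */
static size_t build_terminated(const char *dir, const char *entry)
{
    size_t n = build_unterminated(dir, entry);
    name[n] = '\0';
    return n;
}

/* Hardened variant: bounded and always terminated. Returns 0 on success,
   -1 if the combined name would not fit (truncation is treated as an error
   rather than silently producing a different path). */
int build_bounded(char *dst, size_t cap, const char *dir, const char *entry)
{
    int n = snprintf(dst, cap, "%s%s", dir, entry);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Walk two entries: a long one (after which the simulated lstat fails, so
   nothing resets the buffer), then a shorter one. Returns the string left in
   the buffer after the second entry. */
const char *simulate(int terminate)
{
    static const char *dir = "tomsrtbt/";          /* constructed */
    static const char *entries[] = { "oesehr", "tom" }; /* constructed */
    memset(name, 0, sizeof name);                  /* once, before the loop */
    for (size_t i = 0; i < 2; i++) {
        if (terminate)
            build_terminated(dir, entries[i]);
        else
            build_unterminated(dir, entries[i]);
        /* PAX_lstat "fails" here: no early exit, no truncation of name. */
    }
    return name;
}

int main(void)
{
    printf("unterminated: %s\n", simulate(0));   /* tomsrtbt/tomehr */
    printf("terminated:   %s\n", simulate(1));   /* tomsrtbt/tom */
    char small[8];
    printf("bounded into 8 bytes: %d\n", build_bounded(small, sizeof small, "tomsrtbt/", "tom"));
    return 0;
}
```

The first call reproduces the "tomsrtbt/tomehr" corruption from the message: the three-byte entry overwrites only the first three bytes of the previous six-byte entry and the old tail survives. The terminated variant is the message's fix; the bounded variant additionally refuses to build a name that does not fit the buffer, which is the check to reach for when the buffer size is not guaranteed by the caller.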