Skip to content

Commit

Permalink
Auto merge of rust-lang#94272 - tavianator:readdir-reclen-for-real, r…
Browse files Browse the repository at this point in the history 
…=cuviper

fs: Don't dereference a pointer to a too-small allocation

ptr::addr_of!((*ptr).field) still requires ptr to point to an
appropriate allocation for its type.  Since the pointer returned by
readdir() can be smaller than sizeof(struct dirent), we need to entirely
avoid dereferencing it as that type.

Link: rust-lang/miri#1981 (comment)
Link: rust-lang#93459 (comment)
  • Loading branch information
@bors
bors committed Mar 7, 2022
2 parents 3d1eaf4 + 478cf8b commit 2631aee
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions library/std/src/sys/unix/fs.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -491,14 +491,18 @@ impl Iterator for ReadDir {

// Only d_reclen bytes of *entry_ptr are valid, so we can't just copy the
// whole thing (#93384). Instead, copy everything except the name.
let mut copy: dirent64 = mem::zeroed();
// Can't dereference entry_ptr, so use the local entry to get
// offsetof(struct dirent, d_name)
let copy_bytes = &mut copy as *mut _ as *mut u8;
let copy_name = &mut copy.d_name as *mut _ as *mut u8;
let name_offset = copy_name.offset_from(copy_bytes) as usize;
let entry_bytes = entry_ptr as *const u8;
let entry_name = ptr::addr_of!((*entry_ptr).d_name) as *const u8;
let name_offset = entry_name.offset_from(entry_bytes) as usize;
let mut entry: dirent64 = mem::zeroed();
ptr::copy_nonoverlapping(entry_bytes, &mut entry as *mut _ as *mut u8, name_offset);
let entry_name = entry_bytes.add(name_offset);
ptr::copy_nonoverlapping(entry_bytes, copy_bytes, name_offset);

let ret = DirEntry {
entry,
entry: copy,
// d_name is guaranteed to be null-terminated.
name: CStr::from_ptr(entry_name as *const _).to_owned(),
dir: Arc::clone(&self.inner),
Expand Down

0 comments on commit 2631aee

Please sign in to comment.