
From: Takeshi Mouri (takeshi.mouri.net_at_[hidden])
Date: 2005-12-19 05:54:27


On Boost 1.33.0 or later,
class directory_iterator is implemented by readdir_r()
for some POSIX platforms.
readdir_r() requires a memory buffer which is larger than
offsetof(dirent,d_name) + pathconf(dirname,_PC_NAME_MAX) + 1.
But in operations.cpp, the size is sizeof(dirent).

On some platforms such as Linux, FreeBSD and Cygwin,
the size of the d_name member is 256.
This is a large enough size in many cases.
OTOH, the size on Solaris and BeOS is 1.
Therefore directory_iterator always causes a buffer overflow.

See also:

In the article above,
calling readdir_r() after pathconf() has a race condition,
so it is necessary to secure a size that seems likely to be enough.

Possibly, this problem might cause

Takeshi Mouri
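
The buffer-size calculation from the message above, as an added C example that is not part of the original post or of Boost's operations.cpp. The helper names and the 255-byte fallback for "no limit" are assumptions of this example.

```c
#include <dirent.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumption of this example: name length used when pathconf() reports no limit. */
#define FALLBACK_NAME_MAX 255

/* Bytes needed for a dirent whose d_name holds name_max bytes plus the NUL. */
static size_t dirent_size_for(long name_max)
{
    size_t need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    /* Never allocate less than the declared struct. */
    return need > sizeof(struct dirent) ? need : sizeof(struct dirent);
}

/* Buffer size for entries read from dirname, or 0 if pathconf() fails. */
static size_t dirent_buf_size(const char *dirname)
{
    long name_max;

    errno = 0;
    name_max = pathconf(dirname, _PC_NAME_MAX);
    if (name_max == -1) {
        if (errno != 0)
            return 0;                  /* real error, e.g. ENOENT */
        name_max = FALLBACK_NAME_MAX;  /* limit is indeterminate */
    }
    return dirent_size_for(name_max);
}

/* 1 when a plain sizeof(struct dirent) buffer cannot hold name_max bytes. */
static int sizeof_dirent_too_small(long name_max)
{
    return offsetof(struct dirent, d_name) + (size_t)name_max + 1
           > sizeof(struct dirent);
}

int main(void)
{
    size_t n = dirent_buf_size(".");
    struct dirent *buf = n ? malloc(n) : NULL;  /* heap buffer, not a stack dirent */

    if (buf == NULL) { perror("dirent buffer"); return 1; }
    printf("sizeof(struct dirent)=%zu required=%zu\n", sizeof(struct dirent), n);
    free(buf);
    return 0;
}
```

The size is derived from the path, so the race between pathconf() and the later read that the message mentions still applies to this calculation.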
