Package: libc6
Version: 2.3.2.ds1-22
Severity: normal

The readdir() man page states that readdir() returns a pointer to a struct dirent, and shows the fields of the dirent structure, which include d_name[256]. It appears, however, that readdir() actually returns a pointer to within the dirp buffer, and if that pointer lies towards the end of the dirp buffer, the memory it points to may not be accessible through the full sizeof(struct dirent). This rules out structure assignments or a memcpy of the entire structure, as they cause segmentation violations.

The easiest solution to this problem is probably to change the man page to indicate that, although the structure has a d_name[256] field, it should be treated, as with POSIX, as only long enough to hold the file name and its terminating null character. Accesses beyond that null byte may cause (and have been seen in the wild to actually cause) a segmentation violation.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libc6 depends on:
ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl

-- no debconf information
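A way to copy an entry under the behaviour this report describes, as an added C example that is not part of the report: it assumes the glibc struct dirent layout (d_name is the last member) and treats d_name as only strlen(d_name) + 1 bytes long, as POSIX does, so nothing past the terminating null byte is ever read from the readdir() pointer. The names dirent_used_size, dirent_dup, copy_all_entries and dirent_dup_selfcheck are the example's own.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Bytes of an entry that readdir() guarantees readable: the fixed fields before
 * d_name, then the name and its terminating NUL (the POSIX view of d_name). */
size_t dirent_used_size(const struct dirent *ent)
{
    return offsetof(struct dirent, d_name) + strlen(ent->d_name) + 1;
}

/* Heap copy that reads only those bytes; never memcpy sizeof(struct dirent) from
 * the readdir() pointer, whose tail may be unmapped. The copy is zero-padded. */
struct dirent *dirent_dup(const struct dirent *ent)
{
    struct dirent *copy = calloc(1, sizeof *copy);
    if (copy != NULL)
        memcpy(copy, ent, dirent_used_size(ent));
    return copy;
}

/* Copy every entry of a directory this way; returns the entry count, or -1 if
 * the directory cannot be opened. */
long copy_all_entries(const char *path)
{
    DIR *dirp = opendir(path);
    if (dirp == NULL) return -1;
    long n = 0;
    for (struct dirent *ent; (ent = readdir(dirp)) != NULL;) {
        struct dirent *copy = dirent_dup(ent);
        if (copy != NULL)
            n++;
        free(copy);            /* free(NULL) is a no-op */
    }
    closedir(dirp);
    return n;
}

/* Self-check on a constructed entry (not from readdir): used size of the copy
 * if it preserved the name, -1 otherwise. */
long dirent_dup_selfcheck(const char *name)
{
    struct dirent probe = {0};
    strncpy(probe.d_name, name, sizeof probe.d_name - 1);
    struct dirent *copy = dirent_dup(&probe);
    long used = (copy != NULL && strcmp(copy->d_name, probe.d_name) == 0)
                ? (long)dirent_used_size(copy) : -1;
    free(copy);
    return used;
}
```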