<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 28, 2019 at 11:19 PM Cyril Hrubis <<a href="mailto:chrubis@suse.cz">chrubis@suse.cz</a>> wrote:</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
> <br>
> In this patch, I simply modify the test to use an exist FILE *<br>
> stream to simulate the invalid directory stream descriptor. Then<br>
> it won't hit the use-after-free issue any more.<br>
<br>
Actually I think that the best we can do here is to delete the testcase<br>
because:<br>
<br>
* Casting FILE* to DIR* is IMHO invoking even worse undefined behavior<br>
than the original test that called readdir() on closed DIR*<br></blockquote><div><br></div><div><div class="gmail_default">Why say this? Does this CASTING will do something more bad? AFAICT that changing an variable of one data type into another, and the worst harmness is to loss of information in the variable so we'd better avoid that. But in this test we only need a invalid DIR* for readdir() tesst, it does *not* really care about the pointer content I guess?</div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
* We do cover the EBADF for getents() syscalls getents02 test<br></blockquote><div><br></div><div class="gmail_default" style="font-size:small">I'm sorry, I don't find this testcase in LTP, or did I miss anything?</div></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Regards,<br></div><div>Li Wang<br></div></div></div></div></div>