[LTP] [PATCH 2/2] readdir02: use invalid DIR stream descriptor

Cyril Hrubis chrubis@suse.cz
Thu Feb 7 13:51:29 CET 2019


Hi!
> > > In this patch, I simply modify the test to use an existing FILE *
> > > stream to simulate the invalid directory stream descriptor. Then
> > > it won't hit the use-after-free issue any more.
> >
> > Actually I think that the best we can do here is to delete the testcase
> > because:
> >
> > * Casting FILE* to DIR* is IMHO invoking even worse undefined behavior
> >   than the original test that called readdir() on closed DIR*
> >
> 
> Why say this? Will this CASTING do something worse?

Yes.

> AFAICT that is changing a variable of one data type into another, and
> the worst harm is loss of information in the variable, so we'd
> better avoid that. But in this test we only need an invalid DIR* for
> the readdir() test, it does *not* really care about the pointer content I
> guess?

Not at all. Both FILE and DIR are typedefs to C structures, which are
just chunks of memory. By doing this you are basically passing random
data to the call, because all it does when the C library gets the fd from
these structures is that it takes bytes at some offset in the chunk
of memory. There are no abstract types, methods or objects in C, just
chunks of memory.

> >
> > * We do cover the EBADF for getents() syscalls getents02 test
> >
> 
> I'm sorry, I don't find this testcase in LTP, or did I miss anything?

Sorry typo, it's getdents02.

-- 
Cyril Hrubis
chrubis@suse.cz
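
The point about the descriptor being "bytes at some offset" can be seen in a small model. This is an added example, not code from the thread or from LTP: `struct toy_file` and `struct toy_dir` are hypothetical layouts invented here (real `FILE` and `DIR` definitions are private to each C library), and `memcpy` stands in for the load a cast pointer would perform so the demo itself stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts, invented for this example; the real FILE and DIR
 * definitions are private to each C library and differ from these. */
struct toy_file {
    unsigned int flags;   /* offset 0 */
    char *read_ptr;
    char *read_end;
    int fd;               /* descriptor sits deep inside the struct */
};

struct toy_dir {
    int fd;               /* offset 0: descriptor is the first member */
    size_t allocation;
    size_t size;
};

/* What a readdir()-like routine effectively does to find its descriptor:
 * load sizeof(int) bytes at the DIR layout's fd offset. memcpy keeps this
 * demo well defined; a real (DIR *) cast performs the same load with no
 * such guarantee. */
static int fd_as_seen_by_dir_code(const void *stream)
{
    int fd;
    memcpy(&fd, (const char *)stream + offsetof(struct toy_dir, fd), sizeof fd);
    return fd;
}

/* Build a toy_file holding real_fd and report what DIR code reads from it. */
static int misread_file_as_dir(unsigned int flags, int real_fd)
{
    struct toy_file f = { .flags = flags, .read_ptr = NULL,
                          .read_end = NULL, .fd = real_fd };
    return fd_as_seen_by_dir_code(&f);
}

int main(void)
{
    struct toy_dir d = { .fd = 3, .allocation = 32768, .size = 0 };
    printf("DIR read as DIR:  fd = %d\n", fd_as_seen_by_dir_code(&d));
    /* flags = 7 is constructed sample data; the stream's own fd is 4 */
    printf("FILE read as DIR: fd = %d\n", misread_file_as_dir(7u, 4));
    return 0;
}
```

In this model the directory code reads the `flags` word as its descriptor, so the value it acts on is unrelated to the stream's own fd.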

