New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
syscall: ParseDirent is unsafe #15653
Labels
Milestone
Comments
bradfitz
changed the title
syscall.ParseDirent is unsafe
syscall: ParseDirent is unsafe
May 11, 2016
Nice. |
CL https://golang.org/cl/23780 mentions this issue. |
CL https://golang.org/cl/38758 mentions this issue. |
gopherbot
pushed a commit
to golang/sys
that referenced
this issue
Mar 29, 2017
This is a copy of https://golang.org/cl/23780 for the x/sys repo. Don't panic, crash, or return references to uninitialized memory when ParseDirent is passed invalid input. Updates golang/go#15653 Fixes golang/go#19754 Change-Id: Idb7cffe14d48ed662e5a55ecb5249c1907cf4003 Reviewed-on: https://go-review.googlesource.com/38758 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
syscall.ParseDirent does not sufficiently validate its inputs to avoid crashes or returning uninitialized memory to the caller (via unsafe use of unsafe).
e.g., from syscall_linux.go:
The text was updated successfully, but these errors were encountered: