Package: hurd
Version: N/A
Severity: normal

From the TODO file:

*** If the target of a symlink is the empty string, stat seems to spin forever !!!

This is not true; instead it crashes with E_BAD_ACCESS. Here is what
happens. Consider 'ln -s "" foo; cat foo'

libdiskfs/dir-lookup.c:

path is "foo", we enter the main loop.
foo is looked up with diskfs_lookup, it is a symlink.
This throws us into line 306:

      if (S_ISLNK (np->dn_stat.st_mode)
          && (!lastcomp
              || mustbedir      /* "foo/" must see that foo points to a dir */
              || !(flags & (O_NOLINK|O_NOTRANS))))
        {

....

          if (diskfs_read_symlink_hook)
            error = (*diskfs_read_symlink_hook)(np, pathbuf);

[Now pathbuf is left unchanged, because st_size is zero.]
....

          pathbuf[nextnamelen + np->dn_stat.st_size] = '\0';

[Now pathbuf is the empty string, our link target]
....

          path = pathbuf;

[Now path is the empty string]
....

          diskfs_nput (np);
          np = 0;
        }

[We drop the node np]
....

    } while (path && *path);

[Main loop is not entered again to look up the link target, as path is the
empty string]
....

  /* At this point, np is the node to return.  If newnode is set, then
     we just created this node.  */

 gotit:
  type = np->dn_stat.st_mode & S_IFMT;

[The comment does not tell the truth. We die when referencing np == 0]

This is a null pointer reference. I think we need a flag to say: This is a
symlink target, dereference even if path is "", but I haven't tried such a
change yet.

Thanks,
Marcus
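
The control flow traced above, reduced to a stand-alone C model with a guard at the gotit label (an added example, not libdiskfs code and not part of the original message). The node table, model_lookup, the symlink limit of 8 and the choice of ENOENT for an empty target are assumptions of the model; the report itself suggests a flag and leaves the fix open.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MODEL_IFMT  0170000   /* local copies of the usual S_IF* values */
#define MODEL_IFLNK 0120000
#define MODEL_IFREG 0100000

/* Constructed stand-in for a libdiskfs node; not the Hurd struct.  */
struct node { const char *name; const char *target; int mode; };

static struct node fs[] = {
  { "foo",  "",     MODEL_IFLNK },   /* ln -s "" foo */
  { "bar",  "baz",  MODEL_IFLNK },   /* ln -s baz bar */
  { "baz",  NULL,   MODEL_IFREG },   /* regular file */
  { "loop", "loop", MODEL_IFLNK },   /* link pointing at itself */
};

static struct node *find (const char *name)
{
  for (size_t i = 0; i < sizeof fs / sizeof fs[0]; i++)
    if (strcmp (fs[i].name, name) == 0) return &fs[i];
  return NULL;
}

/* Resolve a single-component PATH.  Returns 0 and stores the file type
   in *TYPE, or returns an errno value and leaves *TYPE untouched.  */
int model_lookup (const char *path, int *type)
{
  char pathbuf[64];
  struct node *np = NULL;
  int nsymlinks = 0;
  do {
    np = find (path);
    if (!np) return ENOENT;
    if ((np->mode & MODEL_IFMT) != MODEL_IFLNK) break;  /* final node */
    if (++nsymlinks > 8) return ELOOP;
    if (strlen (np->target) >= sizeof pathbuf) return ENAMETOOLONG;
    strcpy (pathbuf, np->target);   /* empty target gives pathbuf == "" */
    path = pathbuf;
    np = NULL;                      /* mirrors diskfs_nput (np); np = 0; */
  } while (path && *path);

  /* gotit: after an empty link target the loop ends with np == NULL.  */
  if (!np) return ENOENT;           /* guard; error code is an assumption */
  *type = np->mode & MODEL_IFMT;
  return 0;
}
```

Without the guard, the "foo" case reaches the type computation with np == NULL, which is the crash the report describes.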

