From owner-freebsd-bugs Wed Apr 12 13:55:22 1995 Return-Path: bugs-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id NAA24082 for bugs-outgoing; Wed, 12 Apr 1995 13:55:22 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA24055 for ; Wed, 12 Apr 1995 13:54:42 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id GAA25937; Thu, 13 Apr 1995 06:52:28 +1000 Date: Thu, 13 Apr 1995 06:52:28 +1000 From: Bruce Evans Message-Id: <199504122052.GAA25937@godzilla.zeta.org.au> To: bugs@FreeBSD.org, craig@munich.gcomm.com Subject: Re: seekdir bug Sender: bugs-owner@FreeBSD.org Precedence: bulk >There is a bug when seeking through a directory. telldir() seems to return >a position in the directory that doesnt match the name of the file. I've >included a program that will exploit the bug. I ran it as followed: The man page says that "Values returned by telldir() are good only for the lifetime of the DIR pointer, dirp, from which they are derived." However, it also says that "It is safe to use a previous telldir() value immediately after a call to opendir() and before any calls to readdir()." The second statement is now wrong because telldir() cookies are reclaimed in closedir(). telldir() cookies are malloc()ed and (I think) the memory for them used to be lost in closedir(). Bruce