Created attachment 6904: Fix invalid assumption about dirent structure definition

The code assumed that dirent.d_name is statically defined as an array large enough to hold the name. On Solaris this isn't the case: d_name is defined as 'char d_name[1]'. POSIX also does not specify that the static definition must be a full-sized array. The result is a major buffer overflow on such systems.

One implication of this is that dirents need not all be the same size. The fix here therefore removes both those assumptions. It allocates a buffer that contains a set of pointers to dirents, followed by the actual dirents. Furthermore, it copies the individual dirents based on their actual dynamic size, not the static size of the struct. As an optimization it makes use of popular, but non-POSIX-defined, struct members where available to efficiently determine the size, but falls back to the always-correct strlen() if these are not available. A side effect of this is that it reduces the memory use quite significantly in most cases.

Note: for the patch to apply cleanly, the previous patches in bugs 8463, 8464, and 8465 need to be applied first.
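The following is an added illustration of the two points the attachment description makes, written for this page; it is not the attached patch and not the project's code. It computes each record's size from the name length (using glibc's non-POSIX d_reclen only where the library advertises it via _DIRENT_HAVE_D_RECLEN, otherwise strlen()), copies exactly that many bytes, and lays the result out as a pointer table followed by the packed records in one block. The names dirent_size, read_dir_snapshot, snapshot_has and free_snapshot are hypothetical helpers chosen here. Note the assumption in the comments: sizeof(struct dirent) is never used for the copy, because on a d_name[1] platform it is too small and on glibc it is far larger than the real record.

```c
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes actually occupied by one dirent record (hypothetical helper).
 * sizeof(struct dirent) is unusable: with 'char d_name[1]' it is too small
 * (the overflow described above), with 'char d_name[256]' it over-copies.
 * Prefer the non-POSIX d_reclen when the C library advertises it (glibc
 * defines _DIRENT_HAVE_D_RECLEN); otherwise fall back to strlen(). */
static size_t dirent_size(const struct dirent *d)
{
    size_t by_name = offsetof(struct dirent, d_name) + strlen(d->d_name) + 1;
#ifdef _DIRENT_HAVE_D_RECLEN
    if (d->d_reclen >= by_name)
        return d->d_reclen;
#endif
    return by_name;
}

static size_t round_up(size_t n, size_t a) { return (n + a - 1) / a * a; }

/* One malloc()ed block: a table of `count` pointers, followed by the
 * variable-sized dirent copies the pointers refer to. */
struct dir_snapshot {
    size_t count;
    struct dirent **entries;
};

/* Read every entry of `path` into a snapshot. Returns 0 on success,
 * -1 on failure (errno set by opendir/readdir/realloc/malloc). */
static int read_dir_snapshot(const char *path, struct dir_snapshot *out)
{
    const size_t align = _Alignof(struct dirent);
    DIR *dir = opendir(path);
    if (!dir)
        return -1;

    /* Pass 1: pack copies into a growing byte buffer and record offsets.
     * Offsets rather than pointers, because realloc() may move the buffer. */
    unsigned char *pack = NULL;
    size_t *offs = NULL, used = 0, cap = 0, count = 0;
    struct dirent *d;
    while ((d = readdir(dir)) != NULL) {
        size_t sz = dirent_size(d);
        size_t need = round_up(used + sz, align);
        if (need > cap) {
            size_t ncap = cap ? cap * 2 : 1024;
            while (ncap < need) ncap *= 2;
            unsigned char *np = realloc(pack, ncap);
            if (!np) goto fail;
            pack = np; cap = ncap;
        }
        size_t *no = realloc(offs, (count + 1) * sizeof *offs);
        if (!no) goto fail;
        offs = no;
        memcpy(pack + used, d, sz);   /* copy only the bytes that really exist */
        offs[count++] = used;
        used = need;
    }
    closedir(dir);

    /* Pass 2: pointer table, then the packed records, in a single block. */
    size_t table = round_up(count * sizeof(struct dirent *), align);
    size_t total = table + used;
    unsigned char *block = malloc(total ? total : 1);
    if (!block) { free(pack); free(offs); return -1; }
    if (used) memcpy(block + table, pack, used);
    struct dirent **tab = (struct dirent **)block;
    for (size_t i = 0; i < count; i++)
        tab[i] = (struct dirent *)(block + table + offs[i]);
    free(pack); free(offs);
    out->count = count;
    out->entries = tab;
    return 0;

fail:
    closedir(dir);
    free(pack); free(offs);
    return -1;
}

/* The pointer table is the head of the single block, so one free() suffices. */
static void free_snapshot(struct dir_snapshot *s)
{
    free(s->entries);
    s->entries = NULL; s->count = 0;
}

static int snapshot_has(const struct dir_snapshot *s, const char *name)
{
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->entries[i]->d_name, name) == 0) return 1;
    return 0;
}

int main(void)
{
    struct dir_snapshot s;
    if (read_dir_snapshot(".", &s) != 0) { perror("read_dir_snapshot"); return 1; }
    for (size_t i = 0; i < s.count; i++)
        printf("%s\n", s.entries[i]->d_name);
    free_snapshot(&s);
    return 0;
}
```

The memory saving the description mentions falls out of the same change: each record costs its name length plus the fixed header (rounded to the struct's alignment), not the 280-odd bytes of a glibc `struct dirent`.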
This is still unfixed and needs fixing.