Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAFGcq_5DndFD2q=bkuueQaiZgtC8E1EJNdUY7VRR=+hb82hyNw@mail.gmail.com>
Date: Mon, 21 Jul 2025 03:08:14 +0200
From: Luca Kellermann <mailto.luca.kellermann@...il.com>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com
Subject: Re: [PATCH 3/4] scandir: fix leaks caused by cancellation

On Sun, Jul 20, 2025 at 00:55:24AM -0400, Rich Felker wrote:
> I'm unclear why they put such a non-normative note there rather than
> normative text saying the behavior is undefined if these functions
> don't satisfy their contract to return a value (and thereby, not to
> cause cancellation to be acted upon, not call longjmp to leave the
> caller's context, etc.). Maybe this should be opened as a bug against
> the spec. For at least some of the other functions that take
> callbacks, it's explicitly undefined if they don't return normally.

If anyone files a bug, it could maybe also include these other issues
I noticed when reading the spec for scandir():

* The spec talks about "strings" but scandir() actually allocates and
  returns dirent structures.
* The RETURN VALUE section does not explicitly say that errno shall
  be set on error.
* The code in the EXAMPLES section calls free(namelist) even if
  scandir() fails.
* compar is not allowed to be a null pointer. That might be
  intentional though.

Luca

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.