
Fix scandir64 to not free the wrong pieces of memory (which could
and did cause segfaults) by adjusting the working scandir.c to
do the 64 thing. Fix up potential for mismatches between the
libc and kernel dirent structures, which could also cause ugly
problems.
-Erik

Eric Andersen 22 years ago
parent
commit
1e78eb0bd4

+ 4 - 0
libc/misc/dirent/dirstream.h

@@ -70,4 +70,8 @@ struct __dirstream {
 #endif
 };				/* stream data from opendir() */
 
+
+extern int __getdents(unsigned int fd, struct dirent *dirp, unsigned int count);
+extern int __getdents64 (unsigned int fd, struct dirent64 *dirp, unsigned int count);
+
 #endif /* dirent.h  */
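Review bot: The two prototypes added here disagree with the definitions this commit adds in getdents.c and getdents64.c: the header declares `int __getdents(unsigned int fd, struct dirent *dirp, unsigned int count)`, while the definition is `ssize_t __getdents (int fd, char *buf, size_t nbytes)`, and the same holds for `__getdents64`. Neither new .c file includes dirstream.h, so no translation unit sees both and the compiler cannot diagnose the conflict. On targets where `size_t`/`ssize_t` are wider than `int`, the readdir*.c callers would pass the count and read the return value at the wrong width. I would declare them as `extern ssize_t __getdents (int fd, char *buf, size_t nbytes);` and `extern ssize_t __getdents64 (int fd, char *buf, size_t nbytes);`, and include this header from both definitions so any future drift fails to compile.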

+ 1 - 3
libc/misc/dirent/readdir.c

@@ -5,8 +5,6 @@
 #include <dirent.h>
 #include "dirstream.h"
 
-extern int getdents __P ((unsigned int fd, struct dirent *dirp, unsigned int count));
-
 
 struct dirent *readdir(DIR * dir)
 {
@@ -25,7 +23,7 @@ struct dirent *readdir(DIR * dir)
 	do {
 	    if (dir->dd_size <= dir->dd_nextloc) {
 		/* read dir->dd_max bytes of directory entries. */
-		bytes = getdents(dir->dd_fd, dir->dd_buf, dir->dd_max);
+		bytes = __getdents(dir->dd_fd, dir->dd_buf, dir->dd_max);
 		if (bytes <= 0) {
 		    de = NULL;
 		    goto all_done;

+ 1 - 3
libc/misc/dirent/readdir64.c

@@ -20,8 +20,6 @@
 #include <dirent.h>
 #include "dirstream.h"
 
-extern int getdents64 __P ((unsigned int fd, struct dirent64 *dirp, unsigned int count));
-
 
 struct dirent64 *readdir64(DIR * dir)
 {
@@ -40,7 +38,7 @@ struct dirent64 *readdir64(DIR * dir)
 	do {
 	    if (dir->dd_size <= dir->dd_nextloc) {
 		/* read dir->dd_max bytes of directory entries. */
-		bytes = getdents64(dir->dd_fd, dir->dd_buf, dir->dd_max);
+		bytes = __getdents64(dir->dd_fd, dir->dd_buf, dir->dd_max);
 		if (bytes <= 0) {
 		    de = NULL;
 		    goto all_done;

+ 1 - 3
libc/misc/dirent/readdir64_r.c

@@ -19,8 +19,6 @@
 #include <dirent.h>
 #include "dirstream.h"
 
-extern int getdents64 __P ((unsigned int fd, struct dirent64 *dirp, unsigned int count));
-
 
 int readdir64_r(DIR *dir, struct dirent64 *entry, struct dirent64 **result)
 {
@@ -41,7 +39,7 @@ int readdir64_r(DIR *dir, struct dirent64 *entry, struct dirent64 **result)
 	do {
 	    if (dir->dd_size <= dir->dd_nextloc) {
 		/* read dir->dd_max bytes of directory entries. */
-		bytes = getdents64(dir->dd_fd, dir->dd_buf, dir->dd_max);
+		bytes = __getdents64(dir->dd_fd, dir->dd_buf, dir->dd_max);
 		if (bytes <= 0) {
 		    *result = NULL;
 		    ret = errno;

+ 1 - 3
libc/misc/dirent/readdir_r.c

@@ -5,8 +5,6 @@
 #include <dirent.h>
 #include "dirstream.h"
 
-extern int getdents __P ((unsigned int fd, struct dirent *dirp, unsigned int count));
-
 
 int readdir_r(DIR *dir, struct dirent *entry, struct dirent **result)
 {
@@ -27,7 +25,7 @@ int readdir_r(DIR *dir, struct dirent *entry, struct dirent **result)
 	do {
 	    if (dir->dd_size <= dir->dd_nextloc) {
 		/* read dir->dd_max bytes of directory entries. */
-		bytes = getdents(dir->dd_fd, dir->dd_buf, dir->dd_max);
+		bytes = __getdents(dir->dd_fd, dir->dd_buf, dir->dd_max);
 		if (bytes <= 0) {
 		    *result = NULL;
 		    ret = errno;

+ 78 - 67
libc/misc/dirent/scandir64.c

@@ -1,27 +1,24 @@
-/* -*- Mode: C; c-file-style: "gnu" -*- */
-/*
-   Copyright (c) 2000 Petter Reinholdtsen
-
-   Permission is hereby granted, free of charge, to any person
-   obtaining a copy of this software and associated documentation
-   files (the "Software"), to deal in the Software without
-   restriction, including without limitation the rights to use, copy,
-   modify, merge, publish, distribute, sublicense, and/or sell copies
-   of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be
-   included in all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-   BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-   ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-   CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-   SOFTWARE.
-*/
+/* Copyright (C) 1992-1998, 2000 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  
+   */
+
+/* Modified for uClibc by Erik Andersen
+   */
 
 #include <features.h>
 #ifdef __UCLIBC_HAS_LFS__
@@ -37,66 +34,80 @@
 #ifdef __USE_FILE_OFFSET64
 # undef __USE_FILE_OFFSET64
 #endif
+
 #include <dirent.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <errno.h>
 #include <sys/types.h>
 #include "dirstream.h"
 
-
-int scandir64(const char *dir, struct dirent64 ***namelist,
-			 int (*selector) (const struct dirent64 *),
-			 int (*compar) (const __ptr_t, const __ptr_t))
+int scandir64(const char *dir, struct dirent64 ***namelist, 
+	int (*selector) (const struct dirent64 *),
+	int (*compar) (const void *, const void *))
 {
-    DIR *d = opendir(dir);
+    DIR *dp = opendir (dir);
     struct dirent64 *current;
-    struct dirent64 **names;
-    int count = 0;
-    int pos = 0;
-    int result = -1;
-
-    if (NULL == d)
-        return -1;
-
-    while (NULL != readdir64(d))
-        count++;
+    struct dirent64 **names = NULL;
+    size_t names_size = 0, pos;
+    int save;
 
-    if (!(names = malloc(sizeof (struct dirent64 *) * count))) {
-	closedir(d);
+    if (dp == NULL)
 	return -1;
-    }
-
-    rewinddir(d);
 
-    while (NULL != (current = readdir64(d))) {
-        if (NULL == selector || selector(current)) {
-            struct dirent64 *copyentry = malloc(current->d_reclen);
-
-            memcpy(copyentry, current, current->d_reclen);
-
-            names[pos] = copyentry;
-            pos++;
-        }
-    }
-    result = closedir(d);
-
-    if (pos != count) {
-	struct dirent64 **tmp;
-	if (!(tmp = realloc(names, sizeof (struct dirent64 *) * pos))) {
-	    free(names);
-	    return -1;
+    save = errno;
+    __set_errno (0);
+
+    pos = 0;
+    while ((current = readdir64 (dp)) != NULL)
+	if (selector == NULL || (*selector) (current))
+	{
+	    struct dirent64 *vnew;
+	    size_t dsize;
+
+	    /* Ignore errors from selector or readdir64 */
+	    __set_errno (0);
+
+	    if (unlikely(pos == names_size))
+	    {
+		struct dirent64 **new;
+		if (names_size == 0)
+		    names_size = 10;
+		else
+		    names_size *= 2;
+		new = (struct dirent64 **) realloc (names, names_size * sizeof (struct dirent64 *));
+		if (new == NULL)
+		    break;
+		names = new;
+	    }
+
+	    dsize = &current->d_name[_D_ALLOC_NAMLEN (current)] - (char *) current;
+	    vnew = (struct dirent64 *) malloc (dsize);
+	    if (vnew == NULL)
+		break;
+
+	    names[pos++] = (struct dirent64 *) memcpy (vnew, current, dsize);
 	}
-	names = tmp;
-    }
 
-
-    if (compar != NULL) {
-	qsort(names, pos, sizeof (struct dirent64 *), compar);
+    if (unlikely(errno != 0))
+    {
+	save = errno;
+	closedir (dp);
+	while (pos > 0)
+	    free (names[--pos]);
+	free (names);
+	__set_errno (save);
+	return -1;
     }
 
-    *namelist = names;
+    closedir (dp);
+    __set_errno (save);
 
+    /* Sort the list if we have a comparison function to sort with.  */
+    if (compar != NULL)
+	qsort (names, pos, sizeof (struct dirent64 *), compar);
+    *namelist = names;
     return pos;
 }
 #endif /* __UCLIBC_HAS_LFS__ */
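Review bot: In the new scandir64 loop, `__set_errno (0)` runs only inside the branch taken when the selector accepts an entry. A selector that rejects an entry while leaving errno set (for example after a failed lookup of its own) therefore makes the `errno != 0` test after the loop free the whole list and return -1 although nothing failed. The reset belongs after every selector call, before deciding whether to keep the entry. Separately, the `break` on a failed `realloc`/`malloc` is reported as an error only if the allocator itself set errno; if that is not guaranteed in this libc, set `ENOMEM` explicitly before breaking so a truncated list is never returned as success.

```c
    while ((current = readdir64 (dp)) != NULL)
    {
	struct dirent64 *vnew;
	size_t dsize;

	if (selector != NULL)
	{
	    int selected = (*selector) (current);

	    /* The selector may leave errno set even when it only rejects
	       an entry; clear it so the check after the loop sees real
	       readdir64/allocation failures only.  */
	    __set_errno (0);
	    if (!selected)
		continue;
	}

	/* ... unchanged: grow names[], compute dsize, malloc and memcpy the entry ... */
    }
```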

+ 1 - 1
libc/sysdeps/linux/common/Makefile

@@ -25,7 +25,7 @@ CSRC=	waitpid.c getdnnm.c gethstnm.c getcwd.c \
 	cmsg_nxthdr.c longjmp.c open64.c ftruncate64.c \
 	truncate64.c getrlimit64.c setrlimit64.c creat64.c mmap64.c \
 	llseek.c pread_write.c _exit.c setuid.c sync.c getdirname.c \
-	sendfile64.c xstatconv.c
+	sendfile64.c xstatconv.c getdents.c getdents64.c
 ifneq ($(strip $(EXCLUDE_BRK)),y)
 CSRC+=sbrk.c
 endif

+ 100 - 0
libc/sysdeps/linux/common/getdents.c

@@ -0,0 +1,100 @@
+/* Copyright (C) 1993, 1995-2002 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <alloca.h>
+#include <assert.h>
+#include <errno.h>
+#include <dirent.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sysdep.h>
+#include <sys/syscall.h>
+
+
+#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+
+struct kernel_dirent
+{
+    long int d_ino;
+    __kernel_off_t d_off;
+    unsigned short int d_reclen;
+    char d_name[256];
+};
+
+#define __NR___syscall_getdents __NR_getdents
+static inline _syscall3(int, __syscall_getdents, int, fd, unsigned char *, kdirp, size_t, count);
+
+
+ssize_t __getdents (int fd, char *buf, size_t nbytes)
+{
+    struct dirent *dp;
+    off_t last_offset = -1;
+    ssize_t retval;
+    size_t red_nbytes;
+    struct kernel_dirent *skdp, *kdp;
+    const size_t size_diff = (offsetof (struct dirent, d_name)
+	    - offsetof (struct kernel_dirent, d_name));
+
+    red_nbytes = MIN (nbytes - ((nbytes / 
+		    (offsetof (struct dirent, d_name) + 14)) * size_diff), 
+	    nbytes - size_diff);
+
+    dp = (struct dirent *) buf;
+    skdp = kdp = alloca (red_nbytes);
+
+    retval = __syscall_getdents(fd, (char *)kdp, red_nbytes);
+    if (retval == -1)
+	return -1;
+
+    while ((char *) kdp < (char *) skdp + retval) {
+	const size_t alignment = __alignof__ (struct dirent);
+	/* Since kdp->d_reclen is already aligned for the kernel structure
+	   this may compute a value that is bigger than necessary.  */
+	size_t new_reclen = ((kdp->d_reclen + size_diff + alignment - 1)
+		& ~(alignment - 1));
+	if ((char *) dp + new_reclen > buf + nbytes) {
+	    /* Our heuristic failed.  We read too many entries.  Reset
+	       the stream.  */
+	    assert (last_offset != -1);
+	    lseek(fd, last_offset, SEEK_SET);
+
+	    if ((char *) dp == buf) {
+		/* The buffer the user passed in is too small to hold even
+		   one entry.  */
+		__set_errno (EINVAL);
+		return -1;
+	    }
+	    break;
+	}
+
+	last_offset = kdp->d_off;
+	dp->d_ino = kdp->d_ino;
+	dp->d_off = kdp->d_off;
+	dp->d_reclen = new_reclen;
+	//dp->d_type = DT_UNKNOWN;
+	memcpy (dp->d_name, kdp->d_name,
+		kdp->d_reclen - offsetof (struct kernel_dirent, d_name));
+	dp = (struct dirent *) ((char *) dp + new_reclen);
+	kdp = (struct kernel_dirent *) (((char *) kdp) + kdp->d_reclen);
+    }
+    return (char *) dp - buf;
+}
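Review bot: In `__getdents` the `assert (last_offset != -1)` sits ahead of the `dp == buf` check, but `last_offset` is assigned only after an entry has been copied, so it is still -1 exactly when `dp == buf`. A caller buffer too small for the first converted entry therefore aborts the process in assert-enabled builds instead of returning EINVAL, and with NDEBUG it calls `lseek` with offset -1 first. Test `if ((char *) dp == buf) { __set_errno (EINVAL); return -1; }` before the assert, and keep the assert and `lseek` for the case where at least one entry was converted. Also, `alloca (red_nbytes)` scales with the caller's `nbytes` (`dd_max` in the readdir callers) with no upper bound visible here; if that value can be large, a bounded or heap buffer would avoid running off the stack. The same code is duplicated in `__getdents64` in getdents64.c.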

+ 108 - 0
libc/sysdeps/linux/common/getdents64.c

@@ -0,0 +1,108 @@
+/* Copyright (C) 1993, 1995-2002 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <features.h>
+
+#ifdef __UCLIBC_HAS_LFS__
+
+#include <alloca.h>
+#include <assert.h>
+#include <errno.h>
+#include <dirent.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sysdep.h>
+#include <sys/syscall.h>
+
+
+#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+
+struct kernel_dirent64
+{
+    uint64_t            d_ino;
+    int64_t             d_off;
+    unsigned short int  d_reclen;
+    unsigned char       d_type;
+    char                d_name[256];
+};
+
+
+#define __NR___syscall_getdents64 __NR_getdents64
+static inline _syscall3(int, __syscall_getdents64, int, fd, unsigned char *, dirp, size_t, count);
+
+
+ssize_t __getdents64 (int fd, char *buf, size_t nbytes)
+{
+    struct dirent64 *dp;
+    off64_t last_offset = -1;
+    ssize_t retval;
+    size_t red_nbytes;
+    struct kernel_dirent64 *skdp, *kdp;
+    const size_t size_diff = (offsetof (struct dirent64, d_name)
+	    - offsetof (struct kernel_dirent64, d_name));
+
+    red_nbytes = MIN (nbytes - ((nbytes / 
+		    (offsetof (struct dirent64, d_name) + 14)) * size_diff), 
+	    nbytes - size_diff);
+
+    dp = (struct dirent64 *) buf;
+    skdp = kdp = alloca (red_nbytes);
+
+    retval = __syscall_getdents64(fd, (char *)kdp, red_nbytes);
+    if (retval == -1)
+	return -1;
+
+    while ((char *) kdp < (char *) skdp + retval) {
+	const size_t alignment = __alignof__ (struct dirent64);
+	/* Since kdp->d_reclen is already aligned for the kernel structure
+	   this may compute a value that is bigger than necessary.  */
+	size_t new_reclen = ((kdp->d_reclen + size_diff + alignment - 1)
+		& ~(alignment - 1));
+	if ((char *) dp + new_reclen > buf + nbytes) {
+	    /* Our heuristic failed.  We read too many entries.  Reset
+	       the stream.  */
+	    assert (last_offset != -1);
+	    lseek64(fd, last_offset, SEEK_SET);
+
+	    if ((char *) dp == buf) {
+		/* The buffer the user passed in is too small to hold even
+		   one entry.  */
+		__set_errno (EINVAL);
+		return -1;
+	    }
+	    break;
+	}
+
+	last_offset = kdp->d_off;
+	dp->d_ino = kdp->d_ino;
+	dp->d_off = kdp->d_off;
+	dp->d_reclen = new_reclen;
+	dp->d_type = DT_UNKNOWN;
+	memcpy (dp->d_name, kdp->d_name,
+		kdp->d_reclen - offsetof (struct kernel_dirent64, d_name));
+	dp = (struct dirent64 *) ((char *) dp + new_reclen);
+	kdp = (struct kernel_dirent64 *) (((char *) kdp) + kdp->d_reclen);
+    }
+    return (char *) dp - buf;
+}
+#endif /* __UCLIBC_HAS_LFS__ */
+
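Review bot: `dp->d_type = DT_UNKNOWN;` throws away the `d_type` member that `struct kernel_dirent64` declares in this same file, so every readdir64/scandir64 caller loses the file type and has to stat each entry to recover it. If the kernel's value is meant to be passed through, `dp->d_type = kdp->d_type;` preserves it. If dropping it is deliberate, a comment on that line should say why, for instance `/* kernel d_type not trusted/available on <condition> */`.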

+ 2 - 12
libc/sysdeps/linux/common/syscalls.c

@@ -1226,11 +1226,7 @@ _syscall1(int, setfsgid, gid_t, gid);
 //See llseek.c
 
 //#define __NR_getdents         141
-#ifdef L_getdents
-#include <unistd.h>
-#include <dirent.h>
-_syscall3(int, getdents, int, fd, char *, dirp, size_t, count);
-#endif
+// See getdents.c
 
 //#define __NR__newselect       142
 #ifdef L__newselect
@@ -1766,13 +1762,7 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old);
 //#define __NR_madvise1		219	/* delete when C lib stub is removed */
 
 //#define __NR_getdents64		220
-#ifdef L_getdents64
-#ifdef __UCLIBC_HAS_LFS__
-#include <unistd.h>
-#include <dirent.h>
-_syscall3(int, getdents64, int, fd, char *, dirp, size_t, count);
-#endif /* __UCLIBC_HAS_LFS__ */
-#endif
+// See getdents64.c
 
 //#define __NR_fcntl64		221
 #ifdef L__fcntl64