[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] virExec: avoid undefined behavior



On 12/03/2010 05:03 PM, Eric Blake wrote:
* src/util/util.c (__virExec): Don't use FD_ISSET on out-of-bounds fd.
---

Noticed this one by inspection, while investigating
https://bugzilla.redhat.com/show_bug.cgi?id=659855

Don't know if it's the root cause of the crash in that bug, though.

  src/util/util.c |    3 +--
  1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/src/util/util.c b/src/util/util.c
index 79ca5d3..1b5bc68 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -570,8 +570,7 @@ __virExec(const char *const*argv,
              i != null&&
              i != childout&&
              i != childerr&&
-            (!keepfd ||
-             !FD_ISSET(i, keepfd))) {
+            (!keepfd || (i<  FD_SETSIZE&&  !FD_ISSET(i, keepfd)))) {
              tmpfd = i;
              VIR_FORCE_CLOSE(tmpfd);
          }

ACK. Definitely this could be bad news if OPEN_MAX > FD_SETSIZE, and even if that's not possible, it doesn't hurt to check anyway.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]