Re: [libvirt] [PATCH] virExec: avoid undefined behavior
On 12/03/2010 05:03 PM, Eric Blake wrote:
* src/util/util.c (__virExec): Don't use FD_ISSET on
out-of-bounds fd.
---
Noticed this one by inspection, while investigating
https://bugzilla.redhat.com/show_bug.cgi?id=659855
Don't know if it's the root cause of the crash in that bug, though.
src/util/util.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/src/util/util.c b/src/util/util.c
index 79ca5d3..1b5bc68 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -570,8 +570,7 @@ __virExec(const char *const*argv,
i != null&&
i != childout&&
i != childerr&&
- (!keepfd ||
- !FD_ISSET(i, keepfd))) {
+ (!keepfd || (i< FD_SETSIZE&& !FD_ISSET(i, keepfd)))) {
tmpfd = i;
VIR_FORCE_CLOSE(tmpfd);
}
ACK. Definitely this could be bad news if OPEN_MAX > FD_SETSIZE, and
even if that's not possible, it doesn't hurt to check anyway.