From 55e689fb319d6c8d00fb508ea31533d0af3f93d6 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Sat, 29 Oct 2011 17:11:18 +0200 Subject: [PATCH] Fix lwpSleepFd()'s guard against unusable fd 0 <= fd < FD_SETSIZE must hold, or else undefined behavior in FD_SET() and buffer overrun in LwpFdwait[fd]. Check of upper bound off by one, check of lower bound missing. --- src/lib/lwp/sel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/lwp/sel.c b/src/lib/lwp/sel.c index 0d0e32248..5920f41a5 100644 --- a/src/lib/lwp/sel.c +++ b/src/lib/lwp/sel.c @@ -29,7 +29,7 @@ * * Known contributors to this file: * Dave Pare, 1994 - * Markus Armbruster, 2007 + * Markus Armbruster, 2007-2011 * Ron Koenderink, 2009 */ @@ -81,7 +81,7 @@ lwpSleepFd(int fd, int mask, struct timeval *timeout) { lwpStatus(LwpCurrent, "sleeping on fd %d for %d", fd, mask); - if (CANT_HAPPEN(fd > FD_SETSIZE)) { + if (CANT_HAPPEN(fd < 0 || fd >= FD_SETSIZE)) { errno = EBADF; return -1; } -- 2.43.0