diff options
author | Jed Davis <jld@mozilla.com> | 2022-08-02 16:44:38 +0200 |
---|---|---|
committer | Jed Davis <jld@mozilla.com> | 2022-08-02 16:44:38 +0200 |
commit | d1c128c0b2d1a41864a3c2698c8e22ff0cf7cc64 (patch) | |
tree | e025ea1afc02fa87f8cef9dc9aa250adbc4e6646 | |
parent | 3d34ac0ea5457736478224bf9952dd0faf1c7b10 (diff) | |
download | nspr-hg-d1c128c0b2d1a41864a3c2698c8e22ff0cf7cc64.tar.gz |
Bug 1760611 - Add file descriptor sanity checks in NSPR poll. r=glandium
Thanks to Jesse Schwartzentruber for the suggestion.
-rw-r--r-- | pr/src/md/unix/unix.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/pr/src/md/unix/unix.c b/pr/src/md/unix/unix.c index d9e35925..f71d1f66 100644 --- a/pr/src/md/unix/unix.c +++ b/pr/src/md/unix/unix.c @@ -3641,7 +3641,8 @@ int poll(struct pollfd *filedes, unsigned long nfds, int timeout) int events = filedes[i].events; PRBool fdHasEvent = PR_FALSE; - if (osfd < 0) { + PR_ASSERT(osfd < FD_SETSIZE); + if (osfd < 0 || osfd >= FD_SETSIZE) { continue; /* Skip this osfd. */ } @@ -3686,6 +3687,10 @@ int poll(struct pollfd *filedes, unsigned long nfds, int timeout) if (filedes[i].fd < 0) { continue; } + if (filedes[i].fd >= FD_SETSIZE) { + filedes[i].revents |= POLLNVAL; + continue; + } if (FD_ISSET(filedes[i].fd, &rd)) { if (filedes[i].events & POLLIN) { filedes[i].revents |= POLLIN; |