diff options
| author | Jarkko Hietaniemi <jhi@iki.fi> | 2014-05-29 12:36:28 -0400 |
|---|---|---|
| committer | Jarkko Hietaniemi <jhi@iki.fi> | 2014-05-29 12:37:38 -0400 |
| commit | 375ed12a42c6092b1af1d8e395bf3dadd9a66e48 (patch) | |
| tree | 2719822ab13ccf099d01e8818f6e6e36a9e67cb5 /util.c | |
| parent | 316ebaf2966c5b6fd47a9d1dc6fb64fcbd262379 (diff) | |
| download | perl-375ed12a42c6092b1af1d8e395bf3dadd9a66e48.tar.gz | |
fcntl receiving -1 from fileno, fcntl failing.
(Also very few spots of negative numgroups for getgroups(),
and fgetc() return, but almost all checking is for fcntl.)
(merged fix for perl #121743 and perl #121745: hopefully
picked up all the fixes-to-fixes from the ticket...)
Fix for Coverity perl5 CIDs 28990..29003,29005..29011,29013,
45354,45363,49926:
Argument cannot be negative (NEGATIVE_RETURNS) fd is
passed to a parameter that cannot be negative.
and CIDs 29004, 29012:
Argument cannot be negative (NEGATIVE_RETURNS)
num_groups is passed to a parameter that cannot be negative
and because of CIDs 29005 and 29006 also CID 28924.
In the first set of issues a fd is retrieved from PerlIO_fileno, and
that is then used in places like fstat(), fchown(), dup(), etc.,
without checking whether the fd is valid (>=0).
In the second set of issues a potentially negative
number is potentially passed to getgroups().
The CIDs 29005 and 29006 were a bit messy: fixing them needed also
resolving CID 28924 where the return value of fstat() was ignored,
and for completeness adding two croak calls (with perldiag updates):
a bit of a waste since it's suidperl code.
Diffstat (limited to 'util.c')
| -rw-r--r-- | util.c | 21 |
1 files changed, 13 insertions, 8 deletions
@@ -1712,13 +1712,16 @@ void Perl_croak_no_mem(void) { dTHX; - int rc; - /* Can't use PerlIO to write as it allocates memory */ - rc = PerlLIO_write(PerlIO_fileno(Perl_error_log), - PL_no_mem, sizeof(PL_no_mem)-1); - /* silently ignore failures */ - PERL_UNUSED_VAR(rc); + int fd = PerlIO_fileno(Perl_error_log); + if (fd < 0) + SETERRNO(EBADF,RMS_IFI); + else { + /* Can't use PerlIO to write as it allocates memory */ + int rc = PerlLIO_write(fd, PL_no_mem, sizeof(PL_no_mem)-1); + /* silently ignore failures */ + PERL_UNUSED_VAR(rc); + } my_exit(1); } @@ -2310,7 +2313,8 @@ Perl_my_popen_list(pTHX_ const char *mode, int n, SV **args) PerlLIO_close(pp[0]); #if defined(HAS_FCNTL) && defined(F_SETFD) /* Close error pipe automatically if exec works */ - fcntl(pp[1], F_SETFD, FD_CLOEXEC); + if (fcntl(pp[1], F_SETFD, FD_CLOEXEC) < 0) + return NULL; #endif } /* Now dup our end of _the_ pipe to right position */ @@ -2455,7 +2459,8 @@ Perl_my_popen(pTHX_ const char *cmd, const char *mode) if (did_pipes) { PerlLIO_close(pp[0]); #if defined(HAS_FCNTL) && defined(F_SETFD) - fcntl(pp[1], F_SETFD, FD_CLOEXEC); + if (fcntl(pp[1], F_SETFD, FD_CLOEXEC) < 0) + return NULL; #endif } if (p[THIS] != (*mode == 'r')) { |