reading/writing blocking FDs over FD_SETSIZE is broken (Partially Trac #9169)
authorSergei Trofimovich <slyfox@gentoo.org>
Wed, 2 Jul 2014 13:53:34 +0000 (08:53 -0500)
committerAustin Seipp <austin@well-typed.com>
Wed, 2 Jul 2014 13:53:34 +0000 (08:53 -0500)
Summary:
libraries/base/cbits/inputReady.c had no limits on file descriptors.
Add a limit as non-threaded RTS does.

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Test Plan: none

Reviewers: austin, simonmar

Reviewed By: austin, simonmar

Subscribers: simonmar, relrod, carter

Differential Revision: https://phabricator.haskell.org/D28

libraries/base/cbits/inputReady.c

index 51f278f..dac9d9b 100644 (file)
@@ -25,7 +25,11 @@ fdReady(int fd, int write, int msecs, int isSock)
        int maxfd, ready;
        fd_set rfd, wfd;
        struct timeval tv;
-       
+        if ((fd >= (int)FD_SETSIZE) || (fd < 0)) {
+            /* avoid memory corruption on too large FDs */
+            errno = EINVAL;
+            return -1;
+        }
        FD_ZERO(&rfd);
        FD_ZERO(&wfd);
         if (write) {