[Spice-devel] udscs: Fix a potential NULL pointer dereference

Submitted by Francois Gouget on Dec. 1, 2016, 4:19 a.m.

Details

Message ID E1cCIqL-0003jr-1d@amboise
State Accepted
Commit 2dc986fcaf51aff1e307df469da8feeb86574111
Series "udscs: Fix a potential NULL pointer dereference" ( rev: 1 ) in Spice


Commit Message

Francois Gouget Dec. 1, 2016, 4:19 a.m.
udscs_server_fill_fds() should accept being passed a NULL pointer.

Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
---
 src/udscs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch

diff --git a/src/udscs.c b/src/udscs.c
index 414dce5..fdd75a4 100644
--- a/src/udscs.c
+++ b/src/udscs.c
@@ -495,11 +495,12 @@  int udscs_server_fill_fds(struct udscs_server *server, fd_set *readfds,
         fd_set *writefds)
 {
     struct udscs_connection *conn;
-    int nfds = server->fd + 1;
+    int nfds;
 
     if (!server)
         return -1;
 
+    nfds = server->fd + 1;
     FD_SET(server->fd, readfds);
 
     conn = server->connections_head.next;
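
Review bot: the `return -1` taken when `server` is NULL is now the only documented-by-code behaviour for that case, and it shares the return type with the `nfds` value computed from `server->fd + 1`, so a one-line comment above the function stating that -1 means "no server" would keep callers from feeding it on as a descriptor count. The commit message would also be more accurate if it said that the old initialiser `int nfds = server->fd + 1;` dereferenced `server` before the `if (!server)` test; with that ordering a compiler may assume the pointer is non-NULL and drop the test entirely, so the reorder is a real fix and not just tidying. Separately, `FD_SET(server->fd, readfds)` in the context lines runs with no check that `server->fd` is non-negative and below FD_SETSIZE, and `readfds` itself is not checked; an assertion or early return there would be a reasonable follow-up.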

Comments

On Thu, Dec 01, 2016 at 05:19:33AM +0100, Francois Gouget wrote:
> udscs_server_fill_fds() should accept being passed a NULL pointer.

I would reword the commit log a bit, like "udscs_server_fill_fds() is
dereferencing the 'server' pointer, and then checks if it's NULL. This
commit makes sure the NULL check happens first"
I'll amend and push, thanks for the patch!

Acked-by: Christophe Fergeau <cfergeau@redhat.com>


> 
> Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
> ---
>  src/udscs.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/udscs.c b/src/udscs.c
> index 414dce5..fdd75a4 100644
> --- a/src/udscs.c
> +++ b/src/udscs.c
> @@ -495,11 +495,12 @@ int udscs_server_fill_fds(struct udscs_server *server, fd_set *readfds,
>          fd_set *writefds)
>  {
>      struct udscs_connection *conn;
> -    int nfds = server->fd + 1;
> +    int nfds;
>  
>      if (!server)
>          return -1;
>  
> +    nfds = server->fd + 1;
>      FD_SET(server->fd, readfds);
>  
>      conn = server->connections_head.next;
> -- 
> 2.10.2
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel

On Thu, 1 Dec 2016, Christophe Fergeau wrote:

> On Thu, Dec 01, 2016 at 05:19:33AM +0100, Francois Gouget wrote:
> > udscs_server_fill_fds() should accept being passed a NULL pointer.
> 
> I would reword the commit log a bit, like "udscs_server_fill_fds() is
> dereferencing the 'server' pointer, and then checks if it's NULL. This
> commit makes sure the NULL check happens first"
> I'll amend and push, thanks for the patch!

Works for me.


> Acked-by: Christophe Fergeau <cfergeau@redhat.com>
> 
> 
> > 
> > Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
> > ---
> >  src/udscs.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/udscs.c b/src/udscs.c
> > index 414dce5..fdd75a4 100644
> > --- a/src/udscs.c
> > +++ b/src/udscs.c
> > @@ -495,11 +495,12 @@ int udscs_server_fill_fds(struct udscs_server *server, fd_set *readfds,
> >          fd_set *writefds)
> >  {
> >      struct udscs_connection *conn;
> > -    int nfds = server->fd + 1;
> > +    int nfds;
> >  
> >      if (!server)
> >          return -1;
> >  
> > +    nfds = server->fd + 1;
> >      FD_SET(server->fd, readfds);
> >  
> >      conn = server->connections_head.next;
> > -- 
> > 2.10.2