On Fri, 2020-09-25 at 20:52 -0500, Benjamin Marzinski wrote:
> 
> O.k. I'm getting way into the theoretical weeds here, but I believe that
> realloc() is technically allowed to return NULL when it shrinks
> allocated memory. In this case num_clients would be too big. Later in
> this function, when we loop through num_clients
> 
> 	for (i = 2; i < num_clients + 2; i++) {
> 		if (polls[i].revents & POLLIN) {
> 
> We could look at an unused polls entry, since its revents doesn't get
> cleared. It's also possible that the fd of this unused entry matches the
> fd of an existing client. Then we could try to get a packet from a
> client that isn't sending one, and kill that client. Yeah, this will
> almost certainly never happen. But we could just zero out the revents
> field, or loop over the actual number of structures we polled, and then
> it can't happen.

I'll fix this up in this patch, and add another patch to sanitize this.
Calling realloc() when the number of fds shrinks really isn't buying us
much.

Martin
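
The stale-revents case discussed in this exchange, as an added example that is not part of the original mail or the project's code. It reproduces the effect with two pipes standing in for client sockets and compares the loop over the array capacity with the two remedies named above. The function name, its parameters and the `capacity`/`n_polled` variables are hypothetical.

```c
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Count slots flagged readable among the first `limit` entries. */
static int count_ready(const struct pollfd *polls, int limit)
{
	int i, ready = 0;

	for (i = 0; i < limit; i++)
		if (polls[i].revents & POLLIN)
			ready++;
	return ready;
}

/* Constructed scenario. Returns how many clients look ready in round 2,
 * when nobody has sent anything, or -1 on setup failure. */
int ready_after_failed_shrink(int use_polled, int zero_revents)
{
	struct pollfd polls[2];
	int a[2] = { -1, -1 }, b[2] = { -1, -1 };
	int capacity = 2, n_polled = 1, i, ready = -1;
	char c;

	if (pipe(a) < 0 || pipe(b) < 0)
		goto out;
	polls[0].fd = a[0];
	polls[1].fd = b[0];
	polls[0].events = polls[1].events = POLLIN;
	/* Round 1: both clients send a byte, poll() flags both, we read it. */
	if (write(a[1], "x", 1) != 1 || write(b[1], "x", 1) != 1 ||
	    poll(polls, 2, 0) != 2 ||
	    read(a[0], &c, 1) != 1 || read(b[0], &c, 1) != 1)
		goto out;
	/* Round 2: client b has left and the shrinking realloc() is assumed
	 * to have failed, so capacity stays 2 while only slot 0 is polled. */
	for (i = 0; zero_revents && i < capacity; i++)
		polls[i].revents = 0;
	if (poll(polls, n_polled, 0) >= 0)
		ready = count_ready(polls, use_polled ? n_polled : capacity);
out:	/* close(-1) on a pipe that was never opened is harmless */
	close(a[0]); close(a[1]); close(b[0]); close(b[1]);
	return ready;
}

int main(void)
{
	printf("capacity loop: %d, polled loop: %d, zeroed revents: %d\n",
	       ready_after_failed_shrink(0, 0), ready_after_failed_shrink(1, 0),
	       ready_after_failed_shrink(0, 1));
	return 0;
}
```

Looping over the capacity reports one ready client although nothing was sent in round 2; either remedy brings the count to zero.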