If a sufficiently large 'num' is passed to the function, the for loop
becomes an infinite loop - as far as I can see, that's a bug waiting to
happen. Sure, 'len' in struct poll_list is currently an int, so currently
this can't happen, but that might change in the future. In my oppinion,
a function should be able to function correctly with the complete range
of values that can potentially be passed via its parameters, and without
the patch below that's just not true for this function.
Signed-off-by: Jesper Juhl <[email protected]>
--- linux-2.6.12-rc2-mm3-orig/fs/select.c 2005-04-05 21:21:47.000000000 +0200
+++ linux-2.6.12-rc2-mm3/fs/select.c 2005-04-24 01:11:13.000000000 +0200
@@ -397,7 +397,7 @@ struct poll_list {
static void do_pollfd(unsigned int num, struct pollfd * fdpage,
poll_table ** pwait, int *count)
{
- int i;
+ unsigned int i;
for (i = 0; i < num; i++) {
int fd;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]