[PATCH] prevent possible infinite loop in fs/select.c::do_pollfd()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If a sufficiently large 'num' is passed to the function, the for loop 
becomes an infinite loop - as far as I can see, that's a bug waiting to 
happen. Sure, 'len' in struct poll_list is currently an int, so currently 
this can't happen, but that might change in the future. In my oppinion, 
a function should be able to function correctly with the complete range 
of values that can potentially be passed via its parameters, and without 
the patch below that's just not true for this function.

Signed-off-by: Jesper Juhl <[email protected]>

--- linux-2.6.12-rc2-mm3-orig/fs/select.c	2005-04-05 21:21:47.000000000 +0200
+++ linux-2.6.12-rc2-mm3/fs/select.c	2005-04-24 01:11:13.000000000 +0200
@@ -397,7 +397,7 @@ struct poll_list {
 static void do_pollfd(unsigned int num, struct pollfd * fdpage,
 	poll_table ** pwait, int *count)
 {
-	int i;
+	unsigned int i;
 
 	for (i = 0; i < num; i++) {
 		int fd;


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux