Fix: poll max size should be checked during resize
authorDavid Goulet <dgoulet@efficios.com>
Tue, 22 Jan 2013 20:28:36 +0000 (15:28 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Tue, 22 Jan 2013 20:28:38 +0000 (15:28 -0500)
This was detected using cppcheck:

[src/common/compat/compat-poll.c:204]: (error) Uninitialized variable:
new_size

So, the check was always made over an uninitialized variable on the
stack. Fortunately, in the worst case, new_size was either set to the
maximum allowed or left untouched.

Signed-off-by: David Goulet <dgoulet@efficios.com>
src/common/compat/compat-poll.c

index cff9f44b8e17c369a4b015866a825044bb43ef48..bc79eed0aaa5321c48fcd055858698bcdc5fa375 100644 (file)
@@ -40,6 +40,11 @@ static int resize_poll_event(struct compat_poll_event_array *array,
 
        assert(array);
 
+       /* Refuse to resize the array more than the max size. */
+       if (new_size > poll_max_size) {
+               goto error;
+       }
+
        ptr = realloc(array->events, new_size * sizeof(*ptr));
        if (ptr == NULL) {
                PERROR("realloc epoll add");
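Review bot: The guard added before the realloc bounds new_size only from above, so a new_size of 0 still reaches `realloc(array->events, new_size * sizeof(*ptr))`. On implementations where a zero-size realloc frees the buffer and returns NULL (glibc does), the `ptr == NULL` branch would report failure while array->events still points at freed memory; whether any caller can pass 0 is not visible in this hunk. Consider `if (new_size == 0 || new_size > poll_max_size) {`, and log the refusal before `goto error` the way the realloc failure path does with PERROR, so that hitting the limit can be told apart from an allocation failure. resize_poll_event starts above and continues below this hunk, so the `error` label and the types of new_size and poll_max_size cannot be checked here.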
@@ -200,11 +205,6 @@ int compat_poll_del(struct lttng_poll_event *events, int fd)
        /* Ease our life a bit. */
        current = &events->current;
 
-       /* Safety check on size */
-       if (new_size > poll_max_size) {
-               new_size = poll_max_size;
-       }
-
        /* Check if we need to shrink it down. */
        if ((current->nb_fd << 1UL) <= current->alloc_size &&
                        current->nb_fd >= current->init_size) {