From ac018a8b4890dcf6f0eb9d4b5dee600269e79b29 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Tue, 22 Jan 2013 15:28:36 -0500
Subject: [PATCH] Fix: poll max size should be checked during resize

This was detected using cppcheck:

[src/common/compat/compat-poll.c:204]: (error) Uninitialized variable: new_size

So, the check was always made over an uninitialized variable on the stack. Fortunately, worst case scenario, new_size is set to the maximum allowed or kept untouched.

Signed-off-by: David Goulet
---
 src/common/compat/compat-poll.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/common/compat/compat-poll.c b/src/common/compat/compat-poll.c
index cff9f44b8..bc79eed0a 100644
--- a/src/common/compat/compat-poll.c
+++ b/src/common/compat/compat-poll.c
@@ -40,6 +40,11 @@ static int resize_poll_event(struct compat_poll_event_array *array,
 	assert(array);
 
+	/* Refuse to resize the array more than the max size. */
+	if (new_size > poll_max_size) {
+		goto error;
+	}
+
 	ptr = realloc(array->events, new_size * sizeof(*ptr));
 	if (ptr == NULL) {
 		PERROR("realloc epoll add");
@@ -200,11 +205,6 @@ int compat_poll_del(struct lttng_poll_event *events, int fd)
 	/* Ease our life a bit. */
 	current = &events->current;
 
-	/* Safety check on size */
-	if (new_size > poll_max_size) {
-		new_size = poll_max_size;
-	}
-
 	/* Check if we need to shrink it down. */
 	if ((current->nb_fd << 1UL) <= current->alloc_size &&
 			current->nb_fd >= current->init_size) {
-- 
2.34.1
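Review bot: The new upper bound in resize_poll_event rejects an oversize request silently and leaves the lower edge unchecked: a zero `new_size` still reaches `realloc(array->events, 0)`, which on glibc frees the old block and returns NULL, so the existing `PERROR`/`goto error` path would leave `array->events` pointing at freed memory for whoever frees or reuses the array later. If a zero-sized array is never legitimate here, widen the guard to `if (new_size == 0 || new_size > poll_max_size) {` and log the refused size before the `goto error;` so a caller hitting the cap (the previous clamp-to-max behaviour in compat_poll_del is gone with this patch) is visible in the logs rather than only as a generic failure. The types of `new_size` and `poll_max_size` are not visible in the hunk; if they differ in signedness, the comparison should be checked for promotion surprises. The function's signature, its `error:` label and the callers that now see a hard failure instead of a clamp are all outside this hunk.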