public inbox for libc-hacker@sourceware.org
 help / color / mirror / Atom feed
* [PATCH] Fix svc_run
@ 2006-11-27 19:11 Jakub Jelinek
  2006-11-30 13:44 ` [PATCH] Fix last svc_run change Jakub Jelinek
  0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2006-11-27 19:11 UTC (permalink / raw)
  To: Ulrich Drepper; +Cc: Glibc hackers

Hi!

svc_run segfaults if malloc fails.
BZ#3559 contains a simple patch (just perror and return if that fails),
this is a little bit larger patch which avoids dumb my_pollfd allocation and
freeing in every single svc_run loop iteration if svc_max_pollfd hasn't
changed.

2006-11-27  Jakub Jelinek  <jakub@redhat.com>

	[BZ #3559]
	* sunrpc/svc_run.c (svc_run): Fail instead of segfaulting if
	malloc crashed.  Don't allocate memory unnecessarily in each
	loop.

--- libc/sunrpc/svc_run.c.jj	2002-05-15 02:21:01.000000000 +0200
+++ libc/sunrpc/svc_run.c	2006-11-27 15:28:31.000000000 +0100
@@ -51,36 +51,51 @@ void
 svc_run (void)
 {
   int i;
+  struct pollfd *my_pollfd = NULL;
+  int last_max_pollfd = 0;
 
   for (;;)
     {
-      struct pollfd *my_pollfd;
+      int max_pollfd = svc_max_pollfd;
+      if (max_pollfd == 0 && svc_pollfd == NULL)
+	break;
 
-      if (svc_max_pollfd == 0 && svc_pollfd == NULL)
-	return;
+      if (last_max_pollfd != max_pollfd)
+	{
+	  struct pollfd *new_pollfd
+	    = realloc (my_pollfd, sizeof (struct pollfd) * max_pollfd);
+
+	  if (new_pollfd == NULL)
+	    {
+	      perror (_("svc_run: - out of memory"));
+	      break;
+	    }
+
+	  last_max_pollfd = max_pollfd;
+	}
 
-      my_pollfd = malloc (sizeof (struct pollfd) * svc_max_pollfd);
-      for (i = 0; i < svc_max_pollfd; ++i)
+      for (i = 0; i < max_pollfd; ++i)
 	{
 	  my_pollfd[i].fd = svc_pollfd[i].fd;
 	  my_pollfd[i].events = svc_pollfd[i].events;
 	  my_pollfd[i].revents = 0;
 	}
 
-      switch (i = __poll (my_pollfd, svc_max_pollfd, -1))
+      switch (i = __poll (my_pollfd, max_pollfd, -1))
 	{
 	case -1:
-	  free (my_pollfd);
 	  if (errno == EINTR)
 	    continue;
 	  perror (_("svc_run: - poll failed"));
-	  return;
+	  break;
 	case 0:
-	  free (my_pollfd);
 	  continue;
 	default:
 	  INTUSE(svc_getreq_poll) (my_pollfd, i);
-	  free (my_pollfd);
+	  continue;
 	}
+      break;
     }
+
+  free (my_pollfd);
 }

	Jakub

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [PATCH] Fix last svc_run change
  2006-11-27 19:11 [PATCH] Fix svc_run Jakub Jelinek
@ 2006-11-30 13:44 ` Jakub Jelinek
  0 siblings, 0 replies; 2+ messages in thread
From: Jakub Jelinek @ 2006-11-30 13:44 UTC (permalink / raw)
  To: Ulrich Drepper; +Cc: Glibc hackers

On Mon, Nov 27, 2006 at 08:10:41PM +0100, Jakub Jelinek wrote:
> 2006-11-27  Jakub Jelinek  <jakub@redhat.com>
> 
> 	[BZ #3559]
> 	* sunrpc/svc_run.c (svc_run): Fail instead of segfaulting if
> 	malloc crashed.  Don't allocate memory unnecessarily in each
> 	loop.

Oops, brown paper bag bug in it, fixed thusly, tested with portmap:

2006-11-30  Jakub Jelinek  <jakub@redhat.com>

	* sunrpc/svc_run.c (svc_run): Set my_pollfd to new_pollfd if realloc
	succeeded.

--- libc/sunrpc/svc_run.c	27 Nov 2006 21:58:11 -0000	1.11
+++ libc/sunrpc/svc_run.c	30 Nov 2006 13:41:18 -0000
@@ -71,6 +71,7 @@ svc_run (void)
 	      break;
 	    }
 
+	  my_pollfd = new_pollfd;
 	  last_max_pollfd = max_pollfd;
 	}
 


	Jakub

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2006-11-30 13:44 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-11-27 19:11 [PATCH] Fix svc_run Jakub Jelinek
2006-11-30 13:44 ` [PATCH] Fix last svc_run change Jakub Jelinek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).