From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-hacker-return-9125-listarch-libc-hacker=sources.redhat.com@sourceware.org>
Received: (qmail 14978 invoked by alias); 27 Nov 2006 19:11:04 -0000
Received: (qmail 14901 invoked by uid 22791); 27 Nov 2006 19:11:03 -0000
X-Spam-Check-By: sourceware.org
Received: from sunsite.ms.mff.cuni.cz (HELO sunsite.mff.cuni.cz) (195.113.15.26)
    by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 27 Nov 2006 19:10:57 +0000
Received: from sunsite.mff.cuni.cz (sunsite.mff.cuni.cz [127.0.0.1])
	by sunsite.mff.cuni.cz (8.13.1/8.13.1) with ESMTP id kARJAgPC013841;
	Mon, 27 Nov 2006 20:10:42 +0100
Received: (from jj@localhost)
	by sunsite.mff.cuni.cz (8.13.1/8.13.1/Submit) id kARJAgG8013840;
	Mon, 27 Nov 2006 20:10:42 +0100
Date: Mon, 27 Nov 2006 19:11:00 -0000
From: Jakub Jelinek <jakub@redhat.com>
To: Ulrich Drepper <drepper@redhat.com>
Cc: Glibc hackers <libc-hacker@sources.redhat.com>
Subject: [PATCH] Fix svc_run
Message-ID: <20061127191041.GA3484@sunsite.mff.cuni.cz>
Reply-To: Jakub Jelinek <jakub@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-hacker.sourceware.org>
List-Subscribe: <mailto:libc-hacker-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-hacker/>
List-Post: <mailto:libc-hacker@sourceware.org>
List-Help: <mailto:libc-hacker-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-hacker-owner@sourceware.org
X-SW-Source: 2006-11/txt/msg00021.txt.bz2

Hi!

svc_run segfaults if malloc fails.
BZ#3559 contains a simple patch (just perror and return if that fails),
this is a little bit larger patch which avoids dumb my_pollfd allocation and
freeing in every single svc_run loop iteration if svc_max_pollfd hasn't
changed.

2006-11-27  Jakub Jelinek  <jakub@redhat.com>

	[BZ #3559]
	* sunrpc/svc_run.c (svc_run): Fail instead of segfaulting if
	malloc crashed.  Don't allocate memory unnecessarily in each
	loop.

--- libc/sunrpc/svc_run.c.jj	2002-05-15 02:21:01.000000000 +0200
+++ libc/sunrpc/svc_run.c	2006-11-27 15:28:31.000000000 +0100
@@ -51,36 +51,51 @@ void
 svc_run (void)
 {
   int i;
+  struct pollfd *my_pollfd = NULL;
+  int last_max_pollfd = 0;
 
   for (;;)
     {
-      struct pollfd *my_pollfd;
+      int max_pollfd = svc_max_pollfd;
+      if (max_pollfd == 0 && svc_pollfd == NULL)
+	break;
 
-      if (svc_max_pollfd == 0 && svc_pollfd == NULL)
-	return;
+      if (last_max_pollfd != max_pollfd)
+	{
+	  struct pollfd *new_pollfd
+	    = realloc (my_pollfd, sizeof (struct pollfd) * max_pollfd);
+
+	  if (new_pollfd == NULL)
+	    {
+	      perror (_("svc_run: - out of memory"));
+	      break;
+	    }
+
+	  last_max_pollfd = max_pollfd;
+	}
 
-      my_pollfd = malloc (sizeof (struct pollfd) * svc_max_pollfd);
-      for (i = 0; i < svc_max_pollfd; ++i)
+      for (i = 0; i < max_pollfd; ++i)
 	{
 	  my_pollfd[i].fd = svc_pollfd[i].fd;
 	  my_pollfd[i].events = svc_pollfd[i].events;
 	  my_pollfd[i].revents = 0;
 	}
 
-      switch (i = __poll (my_pollfd, svc_max_pollfd, -1))
+      switch (i = __poll (my_pollfd, max_pollfd, -1))
 	{
 	case -1:
-	  free (my_pollfd);
 	  if (errno == EINTR)
 	    continue;
 	  perror (_("svc_run: - poll failed"));
-	  return;
+	  break;
 	case 0:
-	  free (my_pollfd);
 	  continue;
 	default:
 	  INTUSE(svc_getreq_poll) (my_pollfd, i);
-	  free (my_pollfd);
+	  continue;
 	}
+      break;
     }
+
+  free (my_pollfd);
 }

	Jakub