[OpenWrt-Devel] [PATCH 1/5] uloop: fix out-of-bound loop index.
Felix Fietkau
nbd at openwrt.org
Wed Jan 21 13:58:55 EST 2015
On 2015-01-21 14:21, Yousong Zhou wrote:
> Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
> ---
> uloop.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/uloop.c b/uloop.c
> index 9a77ce4..3224f4b 100644
> --- a/uloop.c
> +++ b/uloop.c
> @@ -394,11 +394,11 @@ int uloop_fd_delete(struct uloop_fd *fd)
> {
> int i;
>
> - for (i = 0; i < cur_nfds; i++) {
> - if (cur_fds[cur_fd + i].fd != fd)
> + for (i = cur_fd; i < cur_nfds; i++) {
> + if (cur_fds[i].fd != fd)
This patch (aside from the fact that it's completely missing an
explanation) seems wrong to me.
cur_nfds really means the number of file descriptors in the struct, not
the array size starting at 0.
Take a look at uloop_run_events - when it increments cur_fd, it also
decrements cur_nfds.
- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list