
Ticket #1951 (new defect)

Opened 14 years ago

Last modified 14 years ago

Socket.wait() crashes on invalid file descriptor

Reported by: nablaoperator
Assigned to: kris
Priority: normal
Milestone: 1.0
Component: Tango
Version: 0.99.9 Kai
Keywords: socket, wait, file descriptor
Cc: nablaoperator

Description

Hi,

the wait() method in the Socket class, module tango/net/device/Socket rev. 5409, occasionally crashes when the socket file descriptor, represented as native.sock, is set to -1, as results from an unsuccessful OS function which regularly would return a file descriptor. The actual problem is in line 304:

pending.reset.add (native.sock);

Inside add() the passed value is cast to an unsigned integer type and then used to generate an array index. For a negative value this results in a huge, invalid unsigned integer value which then leads to unexpected behaviour or a crash.
To fix this, I suggest adding a file descriptor check just before that line:

if (native.sock == native.Error)     // native.Error is -1
{
    super.error ("Socket :: invalid handle");
}
pending.reset.add (native.sock); 
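
The failure mode described in this ticket, modelled in C as an added example (not Tango's code and not part of the ticket): a descriptor set whose array index is computed after a signed-to-unsigned conversion, next to an add that validates the descriptor first. The bitmap layout, the set size of 1024 and all names below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDSET_CAPACITY 1024u   /* assumed set size, like a typical FD_SETSIZE */
#define FDSET_WORDS    (FDSET_CAPACITY / 32u)
#define INVALID_FD     (-1)    /* plays the role of native.Error in the ticket */

struct fdset { uint32_t bits[FDSET_WORDS]; };

/* Word index an unchecked add() would compute: the signed descriptor is
 * converted to unsigned first, so -1 becomes 0xFFFFFFFF. Nothing is written. */
static size_t unchecked_word_index(int fd)
{
    return (size_t)((uint32_t)fd / 32u);
}

/* Checked add: rejects negative and too-large descriptors before indexing.
 * Returns 0 on success, -1 if fd cannot be stored in the set. */
static int fdset_add_checked(struct fdset *s, int fd)
{
    if (fd < 0 || (uint32_t)fd >= FDSET_CAPACITY)
        return -1;
    s->bits[(uint32_t)fd / 32u] |= UINT32_C(1) << ((uint32_t)fd % 32u);
    return 0;
}

/* Membership test with the same bounds check as the checked add. */
static int fdset_contains(const struct fdset *s, int fd)
{
    if (fd < 0 || (uint32_t)fd >= FDSET_CAPACITY)
        return 0;
    return (int)((s->bits[(uint32_t)fd / 32u] >> ((uint32_t)fd % 32u)) & 1u);
}

int main(void)
{
    struct fdset s;
    memset(&s, 0, sizeof s);
    printf("unchecked word index for -1: %zu (array has %u words)\n",
           unchecked_word_index(INVALID_FD), FDSET_WORDS);
    printf("checked add(-1) = %d\n", fdset_add_checked(&s, INVALID_FD));
    printf("checked add(5)  = %d\n", fdset_add_checked(&s, 5));
    printf("contains(5)     = %d\n", fdset_contains(&s, 5));
    return 0;
}
```

The upper-bound check matters as much as the check for -1: a valid but large descriptor indexes past the end of a fixed-size set in the same way.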

Attachments

socket.patch (0.6 kB) - added by mwarning on 06/29/10 22:17:31.

Change History

06/29/10 22:17:31 changed by mwarning

  • attachment socket.patch added.

06/29/10 22:20:23 changed by mwarning

  • owner changed from community to kris.

I wonder if the check shouldn't go into Berkeley.d.
kris?

07/17/10 18:17:00 changed by kris

  • cc set to nablaoperator.

Which function-call caused native.sock to wind up as -1 in the first place?