apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neil Conway <...@cs.berkeley.edu>
Subject Re: [PATCH] bug in pollset_wakeup() + nocopy
Date Thu, 07 Jan 2010 05:06:49 GMT
Attached is a slightly revised version of this patch. Changes:

* Initialize the apr_pool_t field of the apr_pollfd_t we use for the
wakeup pipe. Not clear what this field is actually used for (candidate
for removal in APR2?), but we may as well be tidy.

* Fix a minor bug in one of the versions of close_wakeup_pipe():
initialize both "rv0" and "rv1", to avoid potentially reading an
uninitialized value.

Neil

On Wed, Jan 6, 2010 at 5:47 PM, Neil Conway <nrc@cs.berkeley.edu> wrote:
> apr_pollset_wakeup() is buggy when used with APR_POLLSET_NOCOPY,
> because create_wakeup_pipe() passes a stack-allocated apr_pollfd_t to
> apr_pollset_add(). This is unsafe if the user specified
> APR_POLLSET_NOCOPY when creating the pollset.
>
> The attached patch fixes this by adding an apr_pollfd_t for the wakeup
> pipe to apr_pollset_t, so that it has a sufficiently-long-lived
> lifetime.
>
> Neil
>

Mime
View raw message