From 5440435405e3b6b7cc71905a149fe2f63b7f91aa Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Thu, 9 Mar 2017 19:42:35 +0100
Subject: [PATCH] connection: guard against fd overflow

---
 pinos/client/connection.c      | 7 ++++++-
 pinos/client/protocol-native.c | 2 +-
 pinos/client/stream.c          | 2 +-
 pinos/server/protocol-native.c | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/pinos/client/connection.c b/pinos/client/connection.c
index 790a7878c..4df1c2f69 100644
--- a/pinos/client/connection.c
+++ b/pinos/client/connection.c
@@ -28,7 +28,7 @@
 #include "connection.h"
 #include "log.h"
 
-#define MAX_BUFFER_SIZE 1024
+#define MAX_BUFFER_SIZE 4096
 #define MAX_FDS 28
 
 typedef struct {
@@ -72,6 +72,11 @@ pinos_connection_add_fd (PinosConnection *conn,
   }
 
   index = conn->out.n_fds;
+  if (index >= MAX_FDS) {
+    pinos_log_error ("connection %p: too many fds", conn);
+    return -1;
+  }
+
   conn->out.fds[index] = fd;
   conn->out.n_fds++;
 
diff --git a/pinos/client/protocol-native.c b/pinos/client/protocol-native.c
index 8e6c21cc4..5773d2b4c 100644
--- a/pinos/client/protocol-native.c
+++ b/pinos/client/protocol-native.c
@@ -40,7 +40,7 @@ write_pod (SpaPODBuilder *b, uint32_t ref, const void *data, uint32_t size)
     ref = b->offset;
 
   if (b->size <= b->offset) {
-    b->size = SPA_ROUND_UP_N (b->offset + size, 512);
+    b->size = SPA_ROUND_UP_N (b->offset + size, 4096);
     b->data = pinos_connection_begin_write (((Builder*)b)->connection, b->size);
   }
   memcpy (b->data + ref, data, size);
diff --git a/pinos/client/stream.c b/pinos/client/stream.c
index 91cab2042..58b452581 100644
--- a/pinos/client/stream.c
+++ b/pinos/client/stream.c
@@ -664,7 +664,7 @@ client_node_done (void              *object,
   PinosProxy *proxy = object;
   PinosStream *stream = proxy->user_data;
 
-  pinos_log_warn ("create client node done");
+  pinos_log_info ("strean %p: create client node done with fd %d", stream, datafd);
   handle_socket (stream, datafd);
   do_node_init (stream);
 }
diff --git a/pinos/server/protocol-native.c b/pinos/server/protocol-native.c
index 0e8b953a3..1f98597c1 100644
--- a/pinos/server/protocol-native.c
+++ b/pinos/server/protocol-native.c
@@ -38,7 +38,7 @@ write_pod (SpaPODBuilder *b, uint32_t ref, const void *data, uint32_t size)
     ref = b->offset;
 
   if (b->size <= b->offset) {
-    b->size = SPA_ROUND_UP_N (b->offset + size, 512);
+    b->size = SPA_ROUND_UP_N (b->offset + size, 4096);
     b->data = pinos_connection_begin_write (((Builder*)b)->connection, b->size);
   }
   memcpy (b->data + ref, data, size);