pstream: Fix use of uninitialized value: ancillary fd cleanup flag

As reported by valrgrind ==30002== Conditional jump or move depends on uninitialised value(s) ==30002== at 0x5CB883C: pa_cmsg_ancil_data_close_fds (pstream.c:193) ==30002== by 0x5CBB161: do_write (pstream.c:759) ==30002== by 0x5CB8B51: do_pstream_read_write (pstream.c:233) ==30002== by 0x5CB8EE8: io_callback (pstream.c:279) ... The pa_cmsg_ancil_data structure has two main guards: 'creds_valid', which implies that it holds credentials information, and 'nfd', which implies it holds file descriptors. When code paths create a credentials ancillary data structure, they just set the 'nfd' guard to zero. Typically, the rest of pa_cmsg_ancil_data fields related to fds are _all_ left _uninitialized_. pa_cmsg_ancil_data_close_fds() has broken the above contract: it accesses the new 'close_fds_on_cleanup' flag, which is related to file descriptors, without checking the 'nfd == 0' guard first. Fix this inconsistency. Reported-by: Alexander E. Patrakov <patrakov@gmail.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Signed-off-by: Arun Raghavan <arun@arunraghavan.net>
2025-11-07 13:30:03 -05:00 · 2016-06-17 21:56:41 +02:00 · 2016-06-17 21:56:41 +02:00 · a07b6a8cda
commit a07b6a8cda
parent 3922bbe7eb
1 changed files with 1 additions and 1 deletions
--- a/src/pulsecore/pstream.c
+++ b/src/pulsecore/pstream.c
@ -190,7 +190,7 @@ struct pa_pstream {
 * it guarantees necessary cleanups after fds close.. This method is
 * also multiple-invocations safe. */
 void pa_cmsg_ancil_data_close_fds(struct pa_cmsg_ancil_data *ancil) {
-    if (ancil && ancil->close_fds_on_cleanup) {
+    if (ancil && ancil->nfd > 0 && ancil->close_fds_on_cleanup) {
        int i;
        pa_assert(ancil->nfd <= MAX_ANCIL_DATA_FDS);