When FD_SET() is passed a large file descriptor (on many systems, "large"
means >= 1024), its behavior is undefined. In most cases it will corrupt the
stack, because an out-of-bounds bit is flipped.
if (!timerisset (ptr->timer))
continue;
+ assert (ptr->fd < FD_SETSIZE);
FD_SET (ptr->fd, &read_fds);
FD_SET (ptr->fd, &err_fds);
num_fds++;
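Review bot: The `assert (ptr->fd < FD_SETSIZE);` placed before the two `FD_SET` calls is compiled out when the library is built with `NDEBUG`, so in such builds nothing at this call site keeps an out-of-range descriptor away from FD_SET(). It also says nothing about a negative descriptor, which is equally out of bounds for the fd_set bitmap. A runtime guard such as `if (ptr->fd < 0 || ptr->fd >= FD_SETSIZE) continue;` would hold in every build, and the assert can stay next to it as documentation of the invariant. The enclosing loop starts and ends outside the hunk, so whether skipping the entry is the right reaction or an error should be recorded first needs checking against the rest of the function.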
ping_set_errno (obj, errno);
continue;
}
+ else if (ph->fd >= FD_SETSIZE)
+ {
+ dprintf("socket(2) returned file descriptor %d, which is above the file "
+ "descriptor limit for select(2) (FD_SETSIZE = %d)\n",
+ ph->fd, FD_SETSIZE);
+ close(ph->fd);
+ ph->fd = -1;
+ ping_set_errno(obj, EMFILE);
+ continue;
+ }
if (obj->srcaddr != NULL)
{
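Review bot: The new `else if (ph->fd >= FD_SETSIZE)` branch reports the rejection as `EMFILE`, which a caller cannot tell apart from real descriptor exhaustion, and the only explanation goes through `dprintf`, presumably a debug-only macro. A comment on the branch would record why the bound exists and that later FD_SET() calls rely on it, for example `/* select(2) cannot handle fds >= FD_SETSIZE; reject here so FD_SET() never indexes past the fd_set. */`. The added calls are written `dprintf(`, `close(` and `ping_set_errno(` without the space before the parenthesis that the surrounding lines use (`ping_set_errno (obj, errno)`), so they should follow that spacing. The `if` this branch attaches to begins outside the hunk.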