[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #43361] select() crashes with stale FDs

From: Joel Cunningham
Subject: [lwip-devel] [bug #43361] select() crashes with stale FDs
Date: Sun, 05 Oct 2014 21:01:15 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0


                 Summary: select() crashes with stale FDs
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: jcunningham
            Submitted on: Sun 05 Oct 2014 09:01:14 PM GMT
                Category: sockets/netconn
                Severity: 3 - Normal
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.4.1



If an application calls select() with FDs set that do not correspond to valid
open sockets, a data abort will occur.

There are two spots where calls to tryget_socket() returns a NULL and it is
dereferenced: when increasing and decreasing the sock->select_waiting value. 
Other uses of tryget_socket() handle the NULL gracefully.

Just handling the NULL wouldn't technically be correct behavior of select
according to the Open Group specification:

Under the following conditions, select() fails and sets errno to:

    One or more of the file descriptor sets specified a file descriptor that
is not a valid open file descriptor. 


We could add a single spin through the set FDs and check the validity of the
sockets.  Or as the sockets are processed via tryget_socket(), if a failure is
encountered, set errno and cleanup.

My project uses LwIP 1.4.1, but the NULL don't appear to be handled on head of
master branch either


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]