This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/master by this push:
new 7a9aa9539c local_sendmsg: fix peer->lc_cfps[] array out-of-range write
7a9aa9539c is described below
commit 7a9aa9539c0a07bcb098bcd4e373ad4306426337
Author: Bowen Wang <wangbow...@xiaomi.com>
AuthorDate: Thu Oct 12 14:50:17 2023 +0800
local_sendmsg: fix peer->lc_cfps[] array out-of-range write
When peer->lc_cfpcount == LOCAL_NCONTROLFDS,
Line 122: peer->lc_cfps[peer->lc_cfpcount++] = filep2; access
out-of-range
Signed-off-by: Bowen Wang <wangbow...@xiaomi.com>
---
net/local/local_sendmsg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/local/local_sendmsg.c b/net/local/local_sendmsg.c
index 6068f5ceaf..deade9f75b 100644
--- a/net/local/local_sendmsg.c
+++ b/net/local/local_sendmsg.c
@@ -91,7 +91,7 @@ static int local_sendctl(FAR struct local_conn_s *conn,
fds = (int *)CMSG_DATA(cmsg);
count = (cmsg->cmsg_len - sizeof(struct cmsghdr)) / sizeof(int);
- if (count + peer->lc_cfpcount > LOCAL_NCONTROLFDS)
+ if (count + peer->lc_cfpcount >= LOCAL_NCONTROLFDS)
{
ret = -EMFILE;
goto fail;
