You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by xi...@apache.org on 2020/12/27 17:08:24 UTC
[incubator-nuttx] 01/02: fs/epoll: add sanity check to handle
invalid control option
This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git
commit 0114f7c58f9c57992c383ef44a4148d85d83454b
Author: chao.an <an...@xiaomi.com>
AuthorDate: Wed Dec 23 10:41:13 2020 +0800
fs/epoll: add sanity check to handle invalid control option
Signed-off-by: chao.an <an...@xiaomi.com>
---
fs/vfs/fs_epoll.c | 99 ++++++++++++++++++++++++++++++-------------------------
1 file changed, 55 insertions(+), 44 deletions(-)
diff --git a/fs/vfs/fs_epoll.c b/fs/vfs/fs_epoll.c
index ef1b1fd..83adf12 100644
--- a/fs/vfs/fs_epoll.c
+++ b/fs/vfs/fs_epoll.c
@@ -162,67 +162,78 @@ int epoll_ctl(int epfd, int op, int fd, struct epoll_event *ev)
*/
FAR struct epoll_head *eph = (FAR struct epoll_head *)((intptr_t)epfd);
+ int i;
switch (op)
{
case EPOLL_CTL_ADD:
finfo("%08x CTL ADD(%d): fd=%d ev=%08" PRIx32 "\n",
epfd, eph->occupied, fd, ev->events);
+ if (eph->occupied >= eph->size)
+ {
+ set_errno(ENOMEM);
+ return -1;
+ }
+
+ for (i = 0; i < eph->occupied; i++)
+ {
+ if (eph->poll[i].fd == fd)
+ {
+ set_errno(EEXIST);
+ return -1;
+ }
+ }
eph->data[eph->occupied] = ev->data;
eph->poll[eph->occupied].events = ev->events | POLLERR | POLLHUP;
eph->poll[eph->occupied++].fd = fd;
- return 0;
- case EPOLL_CTL_DEL:
- {
- int i;
+ break;
- for (i = 0; i < eph->occupied; i++)
- {
- if (eph->poll[i].fd == fd)
- {
- if (i != eph->occupied - 1)
- {
- memmove(&eph->data[i], &eph->data[i + 1],
- sizeof(epoll_data_t) * (eph->occupied - i));
- memmove(&eph->poll[i], &eph->poll[i + 1],
- sizeof(struct pollfd) * (eph->occupied - i));
- }
-
- eph->occupied--;
- return 0;
- }
- }
-
- set_errno(ENOENT);
- return -1;
- }
+ case EPOLL_CTL_DEL:
+ for (i = 0; i < eph->occupied; i++)
+ {
+ if (eph->poll[i].fd == fd)
+ {
+ if (i != eph->occupied - 1)
+ {
+ memmove(&eph->data[i], &eph->data[i + 1],
+ sizeof(epoll_data_t) * (eph->occupied - i));
+ memmove(&eph->poll[i], &eph->poll[i + 1],
+ sizeof(struct pollfd) * (eph->occupied - i));
+ }
+
+ eph->occupied--;
+ break;
+ }
+ }
+
+ set_errno(ENOENT);
+ return -1;
case EPOLL_CTL_MOD:
- {
- int i;
-
- finfo("%08x CTL MOD(%d): fd=%d ev=%08" PRIx32 "\n",
- epfd, eph->occupied, fd, ev->events);
-
- for (i = 0; i < eph->occupied; i++)
- {
- if (eph->poll[i].fd == fd)
- {
- eph->data[i] = ev->data;
- eph->poll[i].events = ev->events | POLLERR | POLLHUP;
- return 0;
- }
- }
+ finfo("%08x CTL MOD(%d): fd=%d ev=%08" PRIx32 "\n",
+ epfd, eph->occupied, fd, ev->events);
- set_errno(ENOENT);
- return -1;
- }
+ for (i = 0; i < eph->occupied; i++)
+ {
+ if (eph->poll[i].fd == fd)
+ {
+ eph->data[i] = ev->data;
+ eph->poll[i].events = ev->events | POLLERR | POLLHUP;
+ break;
+ }
+ }
+
+ set_errno(ENOENT);
+ return -1;
+
+ default:
+ set_errno(EINVAL);
+ return -1;
}
- set_errno(EINVAL);
- return -1;
+ return 0;
}
/****************************************************************************