aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVegard Nossum <vegardno@ifi.uio.no>2008-05-25 09:41:29 +0200
committerJosh Triplett <josh@freedesktop.org>2008-07-14 11:19:46 -0700
commitdd82c7033c4644299d3a8d7ed2f6b2422281b0cc (patch)
treea8148fec8b1d8bd1beb007082a95f4810e56b45c
parent230e6e21679296401c1e3c3090de456344f13063 (diff)
downloadsparse-dd82c7033c4644299d3a8d7ed2f6b2422281b0cc.tar.gz
sparse-dd82c7033c4644299d3a8d7ed2f6b2422281b0cc.tar.xz
sparse-dd82c7033c4644299d3a8d7ed2f6b2422281b0cc.zip
Fix use of invalid file descriptor
tokenize_buffer() calls setup_stream() with a file descriptor argument of -1. This number makes it all the way into nextchar_slow(), where -1 is used as an actual file descriptor when calling read(). Check for the -1 before calling read() if the buffer is empty. (By the way, that read() there is probably missing some additional error handling. An EINTR at the right moment...) Signed-off-by: Vegard Nossum <vegardno@ifi.uio.no>
-rw-r--r--tokenize.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/tokenize.c b/tokenize.c
index e72c56e..d154882 100644
--- a/tokenize.c
+++ b/tokenize.c
@@ -213,6 +213,8 @@ restart:
repeat:
if (offset >= size) {
+ if (stream->fd < 0)
+ goto got_eof;
size = read(stream->fd, stream->buffer, BUFSIZE);
if (size <= 0)
goto got_eof;