From: Clement Calmels Date: Wed, 13 Jan 2010 17:51:16 +0000 (+0100) Subject: If epoll_ctl fails, the descr->ev array isinconsistent X-Git-Tag: lxc-0.6.5~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ce45e6458830932261091d70acb552fadd2da9c;p=thirdparty%2Flxc.git If epoll_ctl fails, the descr->ev array isinconsistent Let's take an example: fd = open(..) /* fd = 3 for example */ lxc_mainloop_add_handler(descr, fd, cb1, data1) fails. the program take care of the error, it closes the fd Later, reopen a fd (get 3 for again) lxc_mainloop_add_handler(desc, fd, cb2, data2) is ok. When something happen on fd, cb1 with data1 will be called instead of cb2 with data2, because descr->ev contains 2 entries for fd == 3. Signed-off-by: Clement Calmels Signed-off-by: Daniel Lezcano --- diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c index fcae73995..03d178f9e 100644 --- a/src/lxc/mainloop.c +++ b/src/lxc/mainloop.c @@ -81,7 +81,6 @@ int lxc_mainloop_add_handler(struct lxc_epoll_descr *descr, int fd, { struct epoll_event *ev; struct mainloop_handler *handler; - int ret = -1; handler = malloc(sizeof(*handler)); if (!handler) @@ -95,25 +94,24 @@ int lxc_mainloop_add_handler(struct lxc_epoll_descr *descr, int fd, if (!ev) goto out_free; - if (descr->nfds) { - memcpy(ev, descr->ev, sizeof(*descr->ev) * (descr->nfds)); - free(descr->ev); - } + memcpy(ev, descr->ev, sizeof(*descr->ev) * (descr->nfds)); - descr->ev = ev; - descr->ev[descr->nfds].events = EPOLLIN; - descr->ev[descr->nfds].data.ptr = handler; + ev[descr->nfds].events = EPOLLIN; + ev[descr->nfds].data.ptr = handler; - ret = epoll_ctl(descr->epfd, EPOLL_CTL_ADD, fd, - &descr->ev[descr->nfds]); + if (epoll_ctl(descr->epfd, EPOLL_CTL_ADD, fd, &ev[descr->nfds]) < 0) { + free(ev); + goto out_free; + } + free(descr->ev); + descr->ev = ev; descr->nfds++; -out: - return ret; + return 0; out_free: free(handler); - goto out; + return -1; } int lxc_mainloop_del_handler(struct lxc_epoll_descr *descr, int fd)