From: Dimitry Andric Date: Fri, 1 Jan 2021 17:25:48 +0000 (+0100) Subject: lib: Avoid declaring zero-length VLAs in various messaging functions X-Git-Tag: samba-4.12.11~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d24a1173c9a42ba1123b7efff7d89d55cd6ab211;p=thirdparty%2Fsamba.git lib: Avoid declaring zero-length VLAs in various messaging functions In messaging_rec_create(), messaging_recv_cb() and messaging_dispatch_rec(), variable length arrays of file descriptors are declared using an incoming num_fds parameter. However, there are several scenarios where num_fds can be zero, and declaring a zero-length VLA is undefined behavior. This can lead to segmentation faults and/or other crashes when compiling with recent versions of clang at high optimization levels. To avoid ever using zero as the length for these declarations, use MAX(1, length) instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14605 Signed-off-by: Dimitry Andric Reviewed-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Jan 4 10:50:07 UTC 2021 on sn-devel-184 (cherry picked from commit 3e96c95d41e4ccd0bf43b3ee78af644e2bc32e30) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Tue Jan 5 09:11:44 UTC 2021 on sn-devel-184 --- diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 63d6362e0c9..2b7026f60c4 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -157,7 +157,7 @@ struct messaging_rec *messaging_rec_create( { struct messaging_rec rec; - int64_t fds64[num_fds]; + int64_t fds64[MAX(1, num_fds)]; size_t i; for (i=0; ievent_ctx) { struct iovec iov; - int fds[rec->num_fds]; + int fds[MAX(1, rec->num_fds)]; int ret; /*
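Review bot: In messaging_rec_create(), the declaration `int64_t fds64[MAX(1, num_fds)];` has no comment saying why the length is clamped, so a later cleanup could simplify it back to `fds64[num_fds]` and reintroduce the zero-length VLA. Add a one-line comment at the declaration stating that num_fds can be 0 and that a zero-length VLA is undefined behavior. The clamp also only addresses the lower end: the array is still a stack VLA sized by an incoming parameter, so confirm that num_fds is bounded from above before this point, or switch to a fixed-size or heap buffer.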
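Review bot: At `int fds[MAX(1, rec->num_fds)];` in the second hunk, the array now holds one uninitialized element when rec->num_fds is 0, so every later use in that function has to keep taking its count from rec->num_fds and never from the size of the array. Because the same `MAX(1, ...)` clamp is repeated in each function the commit message lists, a small shared macro for a VLA length that is never zero would keep the sites consistent and give the explanation one place to live.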