Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-27 11:26:12 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

poll: fix covertify issue about out-of-bound access fds

Browse Source 
when i is zero and file_get is failed, num is -1,
it's uint32_max for nfds.
so remove num and simplify code logic.

Signed-off-by: dongjiuzhu1 <dongjiuzhu1@xiaomi.com>
This commit is contained in:
dongjiuzhu1
2025-07-25 15:58:21 +08:00
committed by Xiang Xiao
parent 68a4632f5d
commit 73232509e8
1 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
fs/vfs/fs_poll.c
+6 -11
View File
@@ -161,25 +161,20 @@ static inline int poll_setup(FAR struct pollfd *fds, nfds_t nfds,
if (fds[i].fd >= 0) if (fds[i].fd >= 0)
{ {
FAR struct file *filep; FAR struct file *filep;
int num = i;
ret = file_get(fds[i].fd, &filep); ret = file_get(fds[i].fd, &filep);
if (ret < 0) if (ret >= 0)
{
num -= 1;
}
else
{ {
ret = file_poll(filep, &fds[i], true); ret = file_poll(filep, &fds[i], true);
if (ret < 0)
{
file_put(filep);
}
} }
if (ret < 0) if (ret < 0)
{ {
if (num >= 0) poll_teardown(fds, i, &count);
{
poll_teardown(fds, num, &count);
}
fds[i].revents |= POLLERR; fds[i].revents |= POLLERR;
fds[i].arg = NULL; fds[i].arg = NULL;
fds[i].cb = NULL; fds[i].cb = NULL;