Bug#696278: gst-plugins-bad0.10: Sets FD_CLOEXEC incorrectly with F_SETFL instead of F_SETFD

Tue, 18 Dec 2012 14:03:16 -0800 

Source: gst-plugins-bad0.10
Version: 0.10.23-7
Severity: important
Tags: patch
User: debian-...@lists.debian.org
Usertags: fcntl-fd-cloexec

Hi!

This package contains code that tries to set the FD_CLOEXEC flag for a
file descriptor, but it does using F_SETFL instead of F_SETFD.

Using that value on F_SETFL is just wrong, and might make the call fail
on some systems, as it's requesting to set an undetermined flag. For
example on GNU/* FD_CLOEXEC has value 1, which matches with O_WRONLY.

This might cause the code to at least leak file descriptors, and at
worst to terminate execution.

Attached a patch fixing this.

Thanks,
Guillem

From 748201b0b25ee15e8e84c94fce17ff3ec85ab21d Mon Sep 17 00:00:00 2001
From: Guillem Jover <guil...@hadrons.org>
Date: Tue, 18 Dec 2012 18:22:39 +0100
Subject: [PATCH] gst-plugins-bad0.10: Set FD_CLOEXEC correctly using F_SETFD
 not F_SETFL

Using that value on F_SETFL is just wrong, and might make the call fail
on some systems, as it's requesting to set an undetermined flag. For
example on GNU/* FD_CLOEXEC has value 1, which matches with O_WRONLY.

This might cause the code to at least leak file descriptors, and at worst
to terminate execution.
---
 sys/shm/shmpipe.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/sys/shm/shmpipe.c b/sys/shm/shmpipe.c
index 583aa38..65f50f2 100644
--- a/sys/shm/shmpipe.c
+++ b/sys/shm/shmpipe.c
@@ -209,9 +209,16 @@ sp_writer_create (const char *path, size_t size, mode_t perms)
   if (flags < 0)
     RETURN_ERROR ("fcntl(F_GETFL) failed (%d): %s\n", errno, strerror (errno));
 
-  if (fcntl (self->main_socket, F_SETFL, flags | O_NONBLOCK | FD_CLOEXEC) < 0)
+  if (fcntl (self->main_socket, F_SETFL, flags | O_NONBLOCK) < 0)
     RETURN_ERROR ("fcntl(F_SETFL) failed (%d): %s\n", errno, strerror (errno));
 
+  flags = fcntl (self->main_socket, F_GETFD, 0);
+  if (flags < 0)
+    RETURN_ERROR ("fcntl(F_GETFD) failed (%d): %s\n", errno, strerror (errno));
+
+  if (fcntl (self->main_socket, F_SETFD, flags | FD_CLOEXEC) < 0)
+    RETURN_ERROR ("fcntl(F_SETFD) failed (%d): %s\n", errno, strerror (errno));
+
   sock_un.sun_family = AF_UNIX;
   strncpy (sock_un.sun_path, path, sizeof (sock_un.sun_path) - 1);
 
-- 
1.8.1.rc0

Reply via email to