Otherwise the tail of fds_in buffer would just shift beyond the beginning.
That confuses the actual request handler and results in a crash further on
due to corrupted tail.
Signal the lack of file descriptor with -1, so that the request handler
can determine that no valid file descriptor was received via anciliary
data.
Signed-off-by: Lubomir Rintel <lkund...@v3.sk>
---
src/connection.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/connection.c b/src/connection.c
index 451b93e..48a5398 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -605,7 +605,7 @@ wl_connection_demarshal(struct wl_connection *connection,
const struct wl_message *message)
{
uint32_t *p, *next, *end, length, id;
- int fd;
+ int fd = -1;
char *s;
unsigned int i, count, num_arrays;
const char *signature;
@@ -744,8 +744,10 @@ wl_connection_demarshal(struct wl_connection *connection,
p = next;
break;
case 'h':
- wl_buffer_copy(&connection->fds_in, &fd, sizeof fd);
- connection->fds_in.tail += sizeof fd;
+ if (connection->fds_in.tail != connection->fds_in.head)
{
+ wl_buffer_copy(&connection->fds_in, &fd, sizeof
fd);
+ connection->fds_in.tail += sizeof fd;
+ }
closure->args[i].h = fd;
break;
default:
--
1.8.4.2
_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/wayland-devel
