Mark Geisert wrote:
Validate the fd returned by cygheap_getfd operating on given mqd.
Reported-by: Christian Franke <christian.fra...@t-online.de>
Addresses: https://cygwin.com/pipermail/cygwin/2025-January/257090.html
Signed-off-by: Mark Geisert <m...@maxrnd.com>
Fixes: 46f3b0ce85a9 (Cygwin: POSIX msg queues: move all mq_* functionality into
fhandler_mqueue)
---
winsup/cygwin/posix_ipc.cc | 88 +++++++++++++++++++++++---------------
1 file changed, 53 insertions(+), 35 deletions(-)
diff --git a/winsup/cygwin/posix_ipc.cc b/winsup/cygwin/posix_ipc.cc
index 34fd2ba34..3ce1ecda6 100644
--- a/winsup/cygwin/posix_ipc.cc
+++ b/winsup/cygwin/posix_ipc.cc
@@ -225,11 +225,14 @@ mq_getattr (mqd_t mqd, struct mq_attr *mqstat)
int ret = -1;
cygheap_fdget fd ((int) mqd, true);
- fhandler_mqueue *fh = fd->is_mqueue ();
- if (!fh)
- set_errno (EBADF);
- else
- ret = fh->mq_getattr (mqstat);
+ if (fd >= 0)
+ {
+ fhandler_mqueue *fh = fd->is_mqueue ();
+ if (!fh)
+ set_errno (EBADF);
+ else
+ ret = fh->mq_getattr (mqstat);
+ }
Sorry, I forgot to mention that the testcase also "works" (segfaults) if
a positive but nonexistent fd is used. I'm not sure whether the (fd >=
0) check is sufficient.
