I believe a positive but nonexistent fd passed to cygheap_getfd results in a -1, so that case should be covered by this patch. However, I botched the coding for mq_close. That fix plus anything else needed per reviews will appear as a v2.
Thanks & Regards,
..mark
Jan 15, 2025 3:35:43 AM Christian Franke <christian.fra...@t-online.de>: > Mark Geisert wrote: >> Validate the fd returned by cygheap_getfd operating on given mqd. >> >> Reported-by: Christian Franke <christian.fra...@t-online.de> >> Addresses: https://cygwin.com/pipermail/cygwin/2025-January/257090.html >> Signed-off-by: Mark Geisert <m...@maxrnd.com> >> Fixes: 46f3b0ce85a9 (Cygwin: POSIX msg queues: move all mq_* functionality >> into fhandler_mqueue) >> >> --- >> winsup/cygwin/posix_ipc.cc | 88 +++++++++++++++++++++++--------------- >> 1 file changed, 53 insertions(+), 35 deletions(-) >> >> diff --git a/winsup/cygwin/posix_ipc.cc b/winsup/cygwin/posix_ipc.cc >> index 34fd2ba34..3ce1ecda6 100644 >> --- a/winsup/cygwin/posix_ipc.cc >> +++ b/winsup/cygwin/posix_ipc.cc >> @@ -225,11 +225,14 @@ mq_getattr (mqd_t mqd, struct mq_attr *mqstat) >> int ret = -1; >> cygheap_fdget fd ((int) mqd, true); >> - fhandler_mqueue *fh = fd->is_mqueue (); >> - if (!fh) >> - set_errno (EBADF); >> - else >> - ret = fh->mq_getattr (mqstat); >> + if (fd >= 0) >> + { >> + fhandler_mqueue *fh = fd->is_mqueue (); >> + if (!fh) >> + set_errno (EBADF); >> + else >> + ret = fh->mq_getattr (mqstat); >> + } > > Sorry, I forgot to mention that the testcase also "works" (segfaults) if a > positive but nonexistent fd is used. I'm not sure whether the (fd >= 0) check > is sufficient.
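Review bot: In the mq_getattr hunk the new `if (fd >= 0)` block has no else branch, so when the check fails the function falls through with ret still -1 and nothing in the visible lines calls set_errno. If the cygheap_fdget constructor does not already set errno on that path, add `else set_errno (EBADF);`; if it does, a one-line comment at the check saying so would make the reliance explicit. The same comment should state what fd compares as for a positive but nonexistent descriptor, since the fix for the reported segfault depends on that behaviour and the hunk itself does not show it.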