diff src/readpst.c @ 357:544d57fe6bc6

From Jeffrey Morlan: try_fork in readpst.c doesn't check that active_children < max_children before forking a child and adding it to the array. This can cause a buffer overflow.
author Carl Byington <carl@five-ten-sg.com>
date Wed, 06 Jul 2016 10:17:49 -0700
parents 843705c25b45
children 6abc3054cba2
line wrap: on
line diff
--- a/src/readpst.c	Wed Jul 06 10:15:28 2016 -0700
+++ b/src/readpst.c	Wed Jul 06 10:17:49 2016 -0700
@@ -203,7 +203,8 @@
 #ifdef HAVE_FORK
 #ifdef HAVE_SEMAPHORE_H
     int available = grim_reaper(0);
-    if (available) {
+    // If children have called sem_post but not exited yet, we could have available > 0 but active_children == max_children
+    if (available && active_children < max_children) {
         sem_wait(global_children);
         pid_t child = fork();
         if (child < 0) {