Date: Fri, 1 May 2026 16:11:48 -0400
From: Mark Johnston <markj@freebsd.org>
To: Oliver Pinter <oliver.pntr@gmail.com>
Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org>, Mariusz Zaborski <oshogbo@freebsd.org>
Subject: Re: git: f5ea3dce2cbe - main - libnv: switch fd_wait() from select(2) to poll(2)
Message-ID: <afUJBGczsjXZ8yxD@nuc>
In-Reply-To: <CAPjTQNGzzY4sgCdKy0wrO2ipyYA1yefLhbbDE0RV2qFDCy06Hg@mail.gmail.com>
References: <69f219fc.3d583.73783562@gitrepo.freebsd.org> <CAPjTQNGzzY4sgCdKy0wrO2ipyYA1yefLhbbDE0RV2qFDCy06Hg@mail.gmail.com>

On Fri, May 01, 2026 at 09:11:17AM +0100, Oliver Pinter wrote:
> On Wednesday, April 29, 2026, Mark Johnston <markj@freebsd.org> wrote:
>
> > The branch main has been updated by markj:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=
> > f5ea3dce2cbe1ee2068c5e5c11bb066f5789685b
> >
> > commit f5ea3dce2cbe1ee2068c5e5c11bb066f5789685b
> > Author: Mariusz Zaborski <oshogbo@FreeBSD.org>
> > AuthorDate: 2026-04-28 14:35:10 +0000
> > Commit: Mark Johnston <markj@FreeBSD.org>
> > CommitDate: 2026-04-29 14:39:28 +0000
> >
> >     libnv: switch fd_wait() from select(2) to poll(2)
> >
> >     The previous implementation used FD_SET() on a stack-allocated fd_set,
> >     which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
> >     (1024).
> >
>
>
> This problem seems like a more generic problem, after looking into
> sys/select.h
>
> What about adding a check for the FD_SET about the variable is on the stack
> or not? And enforce the FD_SETSIZE limit almost the same way as it is
> already done with fortify source.

FORTIFY_SOURCE would automatically detect the addition of out-of-bounds
fds, so as a mitigation I would like to propose enabling it by default.

>
> Maybe the https://lists.llvm.org/pipermail/llvm-dev/2013-October/066294.html
> can
> be used (or abused) to implement this check.
>
> Feel free to correct me, if I'm wrong.
