Test the value of msg_controllen for platforms whose CMSG_FIRSTHDR() does not test...

[free-sw/xcb/libxcb] / src / xcb_in.c

diff --git a/src/xcb_in.c b/src/xcb_in.c
index 8c3a58c..95087be 100644 (file)
--- a/src/xcb_in.c
+++ b/src/xcb_in.c
@@ -888,13 +888,16 @@ int _xcb_in_read(xcb_connection_t *c)
         .iov_base = c->in.queue + c->in.queue_len,
         .iov_len = sizeof(c->in.queue) - c->in.queue_len,
     };
-    char cmsgbuf[CMSG_SPACE(sizeof(int) * XCB_MAX_PASS_FD)];
+    union {
+        struct cmsghdr cmsghdr;
+        char buf[CMSG_SPACE(XCB_MAX_PASS_FD * sizeof(int))];
+    } cmsgbuf;
     struct msghdr msg = {
         .msg_name = NULL,
         .msg_namelen = 0,
         .msg_iov = &iov,
         .msg_iovlen = 1,
-        .msg_control = cmsgbuf,
+        .msg_control = cmsgbuf.buf,
         .msg_controllen = CMSG_SPACE(sizeof(int) * (XCB_MAX_PASS_FD - c->in.in_fd.nfd)),
     };
     n = recvmsg(c->fd, &msg, 0);
@@ -915,11 +918,13 @@ int _xcb_in_read(xcb_connection_t *c)
 #if HAVE_SENDMSG
         struct cmsghdr *hdr;
 
-        for (hdr = CMSG_FIRSTHDR(&msg); hdr; hdr = CMSG_NXTHDR(&msg, hdr)) {
-            if (hdr->cmsg_level == SOL_SOCKET && hdr->cmsg_type == SCM_RIGHTS) {
-                int nfd = (hdr->cmsg_len - CMSG_LEN(0)) / sizeof (int);
-                memcpy(&c->in.in_fd.fd[c->in.in_fd.nfd], CMSG_DATA(hdr), nfd * sizeof (int));
-                c->in.in_fd.nfd += nfd;
+        if (msg.msg_controllen >= sizeof (struct cmsghdr)) {
+            for (hdr = CMSG_FIRSTHDR(&msg); hdr; hdr = CMSG_NXTHDR(&msg, hdr)) {
+                if (hdr->cmsg_level == SOL_SOCKET && hdr->cmsg_type == SCM_RIGHTS) {
+                    int nfd = (hdr->cmsg_len - CMSG_LEN(0)) / sizeof (int);
+                    memcpy(&c->in.in_fd.fd[c->in.in_fd.nfd], CMSG_DATA(hdr), nfd * sizeof (int));
+                    c->in.in_fd.nfd += nfd;
+                }
             }
         }
 #endif