From ef1ebf96f300d9a2f487656ac827a9c166f57197 Mon Sep 17 00:00:00 2001
From: Valentin Bartenev
Date: Tue, 23 Nov 2021 15:36:24 +0300
Subject: Fixed possible access to an uninitialized field.
The "recv_msg.incoming_buf" is checked after jumping to the "done" label if nxt_socket_msg_oob_get_fds() returns an error. Also moved initialization of "port_msg" near to its first usage. Found by Coverity (CID 373899).
---
 src/nxt_unit.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/nxt_unit.c b/src/nxt_unit.c
index 06ad1636..135c06ed 100644
--- a/src/nxt_unit.c
+++ b/src/nxt_unit.c
@@ -937,9 +937,9 @@ nxt_unit_process_msg(nxt_unit_ctx_t *ctx, nxt_unit_read_buf_t *rbuf,
 lib = nxt_container_of(ctx->unit, nxt_unit_impl_t, unit);
+ recv_msg.incoming_buf = NULL;
 recv_msg.fd[0] = -1;
 recv_msg.fd[1] = -1;
- port_msg = (nxt_port_msg_t *) rbuf->buf;
 rc = nxt_socket_msg_oob_get_fds(&rbuf->oob, recv_msg.fd);
 if (nxt_slow_path(rc != NXT_OK)) {
@@ -948,8 +948,6 @@ nxt_unit_process_msg(nxt_unit_ctx_t *ctx, nxt_unit_read_buf_t *rbuf,
 goto done;
 }
- recv_msg.incoming_buf = NULL;
-
 if (nxt_slow_path(rbuf->size < (ssize_t) sizeof(nxt_port_msg_t))) {
 if (nxt_slow_path(rbuf->size == 0)) {
 nxt_unit_debug(ctx, "read port closed");
@@ -965,6 +963,8 @@ nxt_unit_process_msg(nxt_unit_ctx_t *ctx, nxt_unit_read_buf_t *rbuf,
 goto done;
 }
+ port_msg = (nxt_port_msg_t *) rbuf->buf;
+
 nxt_unit_debug(ctx, "#%"PRIu32": process message %d fd[0] %d fd[1] %d", port_msg->stream, (int) port_msg->type, recv_msg.fd[0], recv_msg.fd[1]);
-- cgit
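Review bot: The initialisation of `recv_msg.incoming_buf`, `recv_msg.fd[0]` and `recv_msg.fd[1]` at the top of the first hunk is now a precondition for every `goto done`, but nothing in the code states that. A comment above `recv_msg.incoming_buf = NULL;`, for example `/* Everything the "done" cleanup reads must be set before the first goto done. */`, would keep a later reorder from reintroducing the uninitialized read that Coverity reported. The `done` label and the rest of nxt_unit_process_msg() lie outside the diff, so whether other `recv_msg` fields are read there has to be checked against the full function.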
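Review bot: After the move in the last hunk, `port_msg` is no longer assigned on the early `goto done` paths (the nxt_socket_msg_oob_get_fds() failure and the short-read branch), so it is only valid below the `rbuf->size` check. The code after the `done` label is not visible here; if anything there reads `port_msg`, it would now see an indeterminate pointer on those paths, which is worth confirming. A short comment above the assignment, such as `/* rbuf holds at least sizeof(nxt_port_msg_t) bytes from here on. */`, would document why the cast sits after the length check and not before it.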