Re: Patch for a bug in server/select.c

Bang Jun-Young bjy@mogua.org writes:

Suppose that

    ret = poll( pollfd, nb_users, diff );

has returned an error bit (either of POLLERR, POLLHUP, or POLLNVAL) set in pollfd[].revents. Those error codes are defined in positive numbers in poll.h, so in this case when

    poll_users[i]->ops->poll_event( poll_users[i], pollfd[i].revents );

is called, it tries to get an access to an already freed function and causes a segfault.

POLLERR and POLLHUP are legitimate results, and you definitely have to call the function in that case. POLLNVAL is not supposed to happen, unless there is a bug in the fd management. Or does NetBSD set POLLNVAL when the file descriptor is -1? This wouldn't be correct according to the Single Unix spec.