DEBUG: fd: make sure we never try to insert/delete an impossible FD number

It's among the cases that would provoke memory corruption, let's add
some tests against negative FDs and those larger than the table. This
must never ever happen and would currently result in silent corruption
or a crash. Better have a noticeable one exhibiting the call chain if
that were to happen.

(cherry picked from commit 9aa324de2d9f69d74f5b30c33a78d3a38501342f)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/include/haproxy/fd.h b/include/haproxy/fd.h
index 40ef38f..8bf30cd 100644 (file)
--- a/include/haproxy/fd.h
+++ b/include/haproxy/fd.h
@@ -319,6 +319,11 @@ static inline void fd_insert(int fd, void *owner, void (*iocb)(int fd), unsigned
 {
        extern void sock_conn_iocb(int);
 
+       /* This must never happen and would definitely indicate a bug, in
+        * addition to overwriting some unexpected memory areas.
+        */
+       BUG_ON(fd < 0 || fd >= global.maxsock);
+
        fdtab[fd].owner = owner;
        fdtab[fd].iocb = iocb;
        fdtab[fd].state = 0;

diff --git a/src/fd.c b/src/fd.c
index fd2e134..10a634a 100644 (file)
--- a/src/fd.c
+++ b/src/fd.c
@@ -335,6 +335,11 @@ void _fd_delete_orphan(int fd)
  */
 void fd_delete(int fd)
 {
+       /* This must never happen and would definitely indicate a bug, in
+        * addition to overwriting some unexpected memory areas.
+        */
+       BUG_ON(fd < 0 || fd >= global.maxsock);
+
        /* we must postpone removal of an FD that may currently be in use
         * by another thread. This can happen in the following two situations:
         *   - after a takeover, the owning thread closes the connection but