From 822d847ccaa1e6016b818bee289b5e33335f9fee Mon Sep 17 00:00:00 2001
From: Dean Deng <deandeng@google.com>
Date: Fri, 20 Dec 2019 08:43:15 -0800
Subject: Check for valid nfds before copying in an fd set.

Otherwise, CopyInFDSet will try to allocate a negative-length slice.

PiperOrigin-RevId: 286584907
---
 pkg/sentry/strace/select.go | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'pkg/sentry')

diff --git a/pkg/sentry/strace/select.go b/pkg/sentry/strace/select.go
index dea309fda..c77d418e6 100644
--- a/pkg/sentry/strace/select.go
+++ b/pkg/sentry/strace/select.go
@@ -36,6 +36,9 @@ func fdsFromSet(t *kernel.Task, set []byte) []int {
 }
 
 func fdSet(t *kernel.Task, nfds int, addr usermem.Addr) string {
+	if nfds < 0 {
+		return fmt.Sprintf("%#x (negative nfds)", addr)
+	}
 	if addr == 0 {
 		return "null"
 	}
-- 
cgit v1.2.3