From 508bb58325dbacebda8dd6ec7703c5446c339d21 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 1 Jul 2011 23:47:10 +0100
Subject: [PATCH] Poll loop: fix read of unused fds[]

Commit 29672515
 portability: Work around Apple's bizarrely deficient poll() implementation
introduced a read of unitialised data in fds[], because it failed to
honour i->nfds which is 0 on the first iteration.

The symptom is that secnet may, on the first iteration, die due to
mistakenly seeing POLLNVAL.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 secnet.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/secnet.c b/secnet.c
index 2bf50fd..36750ec 100644
--- a/secnet.c
+++ b/secnet.c
@@ -309,8 +309,11 @@ static void run(void)
 	           ((uint64_t)tv_now_global.tv_usec/(uint64_t)1000);
 	idx=0;
 	for (i=reg; i; i=i->next) {
-	    if(fds[idx].revents & POLLNVAL) {
-		fatal("run: poll (%s) set POLLNVAL", i->desc);
+	    int check;
+	    for (check=0; check<i->nfds; check++) {
+		if(fds[idx+check].revents & POLLNVAL) {
+		    fatal("run: poll (%s#%d) set POLLNVAL", i->desc, check);
+		}
 	    }
 	    i->after(i->state, fds+idx, i->nfds);
 	    idx+=i->nfds;
-- 
2.30.2