author: Ahmed S. Darwish <darwish.07@gmail.com>, 2016-06-17 21:56:41 +0200
committer: Arun Raghavan <arun@arunraghavan.net>, 2016-06-21 16:30:35 +0530
commit: a07b6a8cda7fd088b60ab59186b486a7b0987282
tree: ed3bd7cca38085f64d1be848f25eb17891b7d2be
parent: 3922bbe7eb94232cc097bc3b7a91f06b2db93df2
pstream: Fix use of uninitialized value: ancillary fd cleanup flag
As reported by valgrind:

    ==30002== Conditional jump or move depends on uninitialised value(s)
    ==30002==    at 0x5CB883C: pa_cmsg_ancil_data_close_fds (pstream.c:193)
    ==30002==    by 0x5CBB161: do_write (pstream.c:759)
    ==30002==    by 0x5CB8B51: do_pstream_read_write (pstream.c:233)
    ==30002==    by 0x5CB8EE8: io_callback (pstream.c:279)
    ...

The pa_cmsg_ancil_data structure has two main guards: 'creds_valid', which implies that it holds credentials information, and 'nfd', which implies it holds file descriptors.

When code paths create a credentials ancillary data structure, they just set the 'nfd' guard to zero. Typically, the rest of pa_cmsg_ancil_data fields related to fds are _all_ left _uninitialized_.

pa_cmsg_ancil_data_close_fds() has broken the above contract: it accesses the new 'close_fds_on_cleanup' flag, which is related to file descriptors, without checking the 'nfd == 0' guard first.

Fix this inconsistency.

Reported-by: Alexander E. Patrakov <patrakov@gmail.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Signed-off-by: Arun Raghavan <arun@arunraghavan.net>
-rw-r--r-- src/pulsecore/pstream.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pulsecore/pstream.c b/src/pulsecore/pstream.c
index 1ea3c5bb0..bbff2f6a9 100644
--- a/src/pulsecore/pstream.c
+++ b/src/pulsecore/pstream.c
@@ -190,7 +190,7 @@ struct pa_pstream {
* it guarantees necessary cleanups after fds close.. This method is
* also multiple-invocations safe. */
void pa_cmsg_ancil_data_close_fds(struct pa_cmsg_ancil_data *ancil) {
- if (ancil && ancil->close_fds_on_cleanup) {
+ if (ancil && ancil->nfd > 0 && ancil->close_fds_on_cleanup) {
int i;
pa_assert(ancil->nfd <= MAX_ANCIL_DATA_FDS);
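Review bot: The new ancil->nfd > 0 test in the condition of pa_cmsg_ancil_data_close_fds() is correct only because && short-circuits before close_fds_on_cleanup is read, and the comment above the function says nothing about that ordering or about the rule that fd-related fields are undefined when nfd is zero. State in that comment that close_fds_on_cleanup and the other fd fields are meaningful only when nfd > 0, so a later fd-related field is not read ahead of the guard again. Zero-initializing pa_cmsg_ancil_data in the code paths that build a credentials-only structure would also remove the uninitialized fields themselves, instead of leaving every reader to remember the check order.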