Diffusion FreeBSD src repository f5ea3dce2cbe

libnv: switch fd_wait() from select(2) to poll(2)
f5ea3dce2cbe
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

libnv: switch fd_wait() from select(2) to poll(2)

The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

Approved by: so
Security: FreeBSD-SA-26:16.libnv
Security: CVE-2026-39457
Reported by: Joshua Rogers of AISLE Research Team (https://aisle.com/)
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56689

Details

Provenance

oshogbo	Authored on Apr 28 2026, 2:35 PM
markj	Committed on Apr 29 2026, 2:39 PM

Reviewer

Differential Revision

D56689: libnv: switch fd_wait() from select(2) to poll(2)

Parents

rG6f9ddb329b07: pf: improve SCTP validation

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rGf5ea3dce2cbe: libnv: switch fd_wait() from select(2) to poll(2) (authored by oshogbo).Apr 29 2026, 2:39 PM

markj added an edge: D56689: libnv: switch fd_wait() from select(2) to poll(2).Apr 29 2026, 2:47 PM

Changes (2)

Path

Size

lib/

libnv/

tests/

nvlist_send_recv_test.c

rGf5ea3dce2cbe

lib/libnv/msgio.c

Loading...

lib/libnv/tests/nvlist_send_recv_test.c

Loading...