Fixed a memory access error (net_ReadInner)

diff --git a/src/network/io.c b/src/network/io.c
index d22f59537366b91ce8a95b8c5859319e1e4e05cd..f6c39a514738ea6b30e2221f028c0b31286ea514 100644 (file)
--- a/src/network/io.c
+++ b/src/network/io.c
@@ -282,22 +282,22 @@ void net_Close (int fd)
 }
 
 
-static ssize_t
-net_ReadInner( vlc_object_t *restrict p_this, unsigned fdc, const int *fdv,
-               const v_socket_t *const *restrict vsv,
-               uint8_t *restrict p_buf, size_t i_buflen,
-               vlc_bool_t dontwait, vlc_bool_t waitall )
+static ssize_t net_ReadInner( vlc_object_t *restrict p_this,
+                              unsigned i_fdc, const int *p_fdv,
+                              const v_socket_t *const *restrict pp_vsv,
+                              uint8_t *restrict p_buf, size_t i_buflen,
+                              vlc_bool_t dontwait, vlc_bool_t waitall )
 {
     size_t i_total = 0;
 
-    while (i_buflen > 0)
+    while( i_buflen > 0 )
     {
-        unsigned i;
+        unsigned int i;
         ssize_t n;
-        struct pollfd ufd[fdc];
+        struct pollfd ufd[i_fdc];
 
         int delay_ms = dontwait ? 0 : 500;
-        if (p_this->b_die)
+        if( p_this->b_die )
         {
 #if defined(WIN32) || defined(UNDER_CE)
             WSASetLastError(WSAEINTR);
@@ -309,45 +309,48 @@ net_ReadInner( vlc_object_t *restrict p_this, unsigned fdc, const int *fdv,
 
         memset (ufd, 0, sizeof (ufd));
 
-        for( i = 0; i < fdc; i++ )
+        for( i = 0; i < i_fdc; i++ )
         {
-            ufd[i].fd = fdv[i];
+            ufd[i].fd = p_fdv[i];
             ufd[i].events = POLLIN;
         }
 
-        n = poll( ufd, fdc, delay_ms );
+        n = poll( ufd, i_fdc, delay_ms );
         if( n == -1 )
             goto error;
 
-        assert ((unsigned)n <= fdc);
+        assert ((unsigned)n <= i_fdc);
 
-        if (n == 0) // timeout
+        if( n == 0 ) // timeout
             continue;
 
-        for (i = 0;; i++)
+        for( i = 0; i < i_fdc; i++ )
         {
-            if ((i_total > 0) && (ufd[i].revents & POLLERR))
+            if( i_total > 0 && (ufd[i].revents & POLLERR) )
                 return i_total; // error will be dequeued on next run
 
-            if ((ufd[i].revents & POLLIN) == 0)
+            if( (ufd[i].revents & POLLIN) == 0 )
                 continue;
 
-            fdc = 1;
-            fdv += i;
-            vsv += i;
+            /* */
+            i_fdc  = 1;
+            p_fdv  = &p_fdv[i];
+            pp_vsv = &pp_vsv[i];
             break;
         }
+        if( i >= i_fdc )
+            continue;
 
-        if( (*vsv) != NULL )
+        if( (*pp_vsv) != NULL )
         {
-            n = (*vsv)->pf_recv( (*vsv)->p_sys, p_buf, i_buflen );
+            n = (*pp_vsv)->pf_recv( (*pp_vsv)->p_sys, p_buf, i_buflen );
         }
         else
         {
 #if defined(WIN32) || defined(UNDER_CE)
-            n = recv( *fdv, p_buf, i_buflen, 0 );
+            n = recv( *p_fdv, p_buf, i_buflen, 0 );
 #else
-            n = read( *fdv, p_buf, i_buflen );
+            n = read( *p_fdv, p_buf, i_buflen );
 #endif
         }
 
@@ -374,26 +377,26 @@ net_ReadInner( vlc_object_t *restrict p_this, unsigned fdc, const int *fdv,
                     goto error;
             }
 #else
-            if( errno == EAGAIN ) /* spurious wake-up (sucks if fdc > 1) */
+            if( errno == EAGAIN ) /* spurious wake-up (sucks if i_fdc > 1) */
                 continue;
             goto error;
 #endif
         }
 
-        if (n == 0) // EOF
+        if( n == 0 ) // EOF
             break;
 
         i_total += n;
         p_buf += n;
         i_buflen -= n;
 
-        if (dontwait || !waitall)
+        if( dontwait || !waitall )
             break;
     }
     return i_total;
 
 error:
-    msg_Err( p_this, "Read error: %s", net_strerror (net_errno) );
+    msg_Err( p_this, "Read error: %s", net_strerror( net_errno ) );
     return i_total ? (ssize_t)i_total : -1;
 }