Comment 4 for bug 386558

Kees Cook (kees) wrote : Re: RLIMIT_NOFILE > 1024 seems to cause select() to corrupt the stack

There have been reports about this kind of thing before:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1500
http://marc.info/?l=bugtraq&m=110660879328901

But I cannot find a bug in glibc for it. There is no checking done in FDSET or related macros:
#define __FD_SET(d, s) (__FDS_BITS (s)[__FDELT(d)] |= __FDMASK(d))
(/usr/include/bits/select.h)

Though, what the behavior should be is unclear. Perhaps silently ignoring d>1024? Programs needing to use >1024 fds, with an RLIMIT_NOFILE > 1024 need to use poll, but this really seems like a bug in glibc and the select() man page.
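
An added example, not part of the comment above and not glibc code: a caller-side guard for the unchecked FD_SET macro quoted in the comment, next to the poll() alternative it mentions. The helper names checked_fd_set, wait_readable and demo are hypothetical, and the pipe and canary value are constructed for the demonstration.

```c
#include <errno.h>
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* Bounds-checked replacement for FD_SET (hypothetical helper name).
 * fd_set holds FD_SETSIZE bits, so valid descriptors are 0..FD_SETSIZE-1. */
static int checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;   /* refuse instead of writing past the bitmap */
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Wait until fd is readable using poll(), which takes the descriptor as
 * an int in a struct and so has no FD_SETSIZE ceiling.
 * Returns 1 if readable, 0 on timeout, -1 on error. */
static int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int rc;
    do {
        rc = poll(&p, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0) return rc;
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

/* Constructed demo: a canary placed after the fd_set stays intact when
 * an out-of-range descriptor is offered. Returns 0 on success. */
static int demo(void)
{
    struct { fd_set set; unsigned long canary; } frame;
    int pfd[2];
    FD_ZERO(&frame.set);
    frame.canary = 0xC0FFEEUL;
    if (checked_fd_set(FD_SETSIZE, &frame.set) != -1) return 1;
    if (frame.canary != 0xC0FFEEUL) return 2;
    if (pipe(pfd) != 0) return 3;
    if (wait_readable(pfd[0], 0) != 0) return 4;   /* nothing written yet */
    if (write(pfd[1], "x", 1) != 1) return 5;
    if (wait_readable(pfd[0], 1000) != 1) return 6;
    close(pfd[0]); close(pfd[1]);
    return 0;
}
int main(void) { return demo(); }
```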