[PATCH 1/3] connection: Only read file descriptor if it was actually received

Lubomir Rintel lkundrak at v3.sk
Fri Nov 15 05:17:54 PST 2013


Otherwise the tail of fds_in buffer would just shift beyond the beginning.
That confuses the actual request handler and results in a crash further on
due to corrupted tail.

Signal the lack of file descriptor with -1, so that the request handler
can determine that no valid file descriptor was received via ancillary
data.

Signed-off-by: Lubomir Rintel <lkundrak at v3.sk>
---
 src/connection.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/connection.c b/src/connection.c
index 451b93e..48a5398 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -605,7 +605,7 @@ wl_connection_demarshal(struct wl_connection *connection,
 			const struct wl_message *message)
 {
 	uint32_t *p, *next, *end, length, id;
-	int fd;
+	int fd = -1;
 	char *s;
 	unsigned int i, count, num_arrays;
 	const char *signature;
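
Review bot: Initialising `fd` to -1 once at the top of wl_connection_demarshal() does not cover a message with more than one 'h' argument, because the 'h' case runs per `args[i]` and `fd` is never reset between arguments. If the first descriptor is received and the second is missing, the guarded copy is skipped and `closure->args[i].h = fd` hands the handler the first descriptor a second time instead of -1. Setting `fd = -1` at the start of the 'h' case (or in an else branch of the new check) keeps the sentinel reliable for every argument.
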
@@ -744,8 +744,10 @@ wl_connection_demarshal(struct wl_connection *connection,
 			p = next;
 			break;
 		case 'h':
-			wl_buffer_copy(&connection->fds_in, &fd, sizeof fd);
-			connection->fds_in.tail += sizeof fd;
+			if (connection->fds_in.tail != connection->fds_in.head) {
+				wl_buffer_copy(&connection->fds_in, &fd, sizeof fd);
+				connection->fds_in.tail += sizeof fd;
+			}
 			closure->args[i].h = fd;
 			break;
 		default:
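
Review bot: In the 'h' case, an empty fds_in still produces a closure with `args[i].h = -1`, so safety now depends on every request handler that takes a descriptor checking for -1 before using it. Consider treating the missing descriptor as a demarshal failure in an else branch here, so a malformed message is rejected in one place, or at least document the -1 contract where handlers will see it. Note also that `tail != head` only shows the buffer is non-empty, not that a full `sizeof fd` bytes are present; comparing the available size against `sizeof fd` would make the guard match what wl_buffer_copy() is asked to read.
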
-- 
1.8.4.2


