From ff8beb27a56915f40156dd6f5034399e5e3a8dcb Mon Sep 17 00:00:00 2001
From: Thiago Macieira <thiago.macieira@intel.com>
Date: Tue, 27 Sep 2022 11:11:18 -0700
Subject: [PATCH] qpoll: disallow file descriptors bigger than FD_SETSIZE

I don't know which platforms qpoll.cpp is still used and if in those
there's even a way to increase the file descriptor limit above
FD_SETSIZE's. But this is an easy change and protects against buffer
overruns.

Change-Id: I810d70e579eb4e2c8e45fffd1718ca1aac8e6bef
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 8c1776ee0781b49e0966d8394f02f55a90d73eba)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 src/corelib/kernel/qpoll.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/corelib/kernel/qpoll.cpp b/src/corelib/kernel/qpoll.cpp
index eba5664f4a1..bbd197f292f 100644
--- a/src/corelib/kernel/qpoll.cpp
+++ b/src/corelib/kernel/qpoll.cpp
@@ -156,6 +156,11 @@ int qt_poll(struct pollfd *fds, nfds_t nfds, const struct timespec *timeout_ts)
         if (fds[i].fd < 0)
             continue;
 
+        if (fds[i].fd > FD_SETSIZE) {
+            errno = EINVAL;
+            return -1;
+        }
+
         if (fds[i].events & QT_POLL_EVENTS_MASK)
             continue;