Kernel: Don't try to copy empty Vector in sys$recvmsg

If there's no fds to copy in a message with proper space for an SCM_RIGHTS set of cmsg headers, then don't try to copy them. This avoids a Kernel panic when recvmsg-ing, as copy_to_user(p, 0, 0) hits a VERIFY.
Author: https://github.com/ADKaster Commit: a65c385057 Pull-request: https://github.com/SerenityOS/serenity/pull/24025 Issue: https://github.com/SerenityOS/serenity/issues/22357 Reviewed-by: https://github.com/trflynn89 ✅
2025-09-27 11:48:59 +00:00 · 2024-04-17 18:09:21 -06:00 · 2024-04-17 18:09:21 -06:00 · a65c385057 · 2024-07-17 18:49:10 +09:00
commit a65c385057
parent 3568215790
1 changed files with 2 additions and 1 deletions
--- a/Kernel/Syscalls/socket.cpp
+++ b/Kernel/Syscalls/socket.cpp
@ -322,7 +322,8 @@ ErrorOr<FlatPtr> Process::sys$recvmsg(int sockfd, Userspace<struct msghdr*> user
            m_fds.with_exclusive([&](auto& fds) { fds[fd_allocation.fd].set(*description, 0); });
            fdnums.append(fd_allocation.fd);
        }
-        TRY(try_add_cmsg(SOL_SOCKET, SCM_RIGHTS, fdnums.data(), fdnums.size() * sizeof(int)));
+        if (!fdnums.is_empty())
+            TRY(try_add_cmsg(SOL_SOCKET, SCM_RIGHTS, fdnums.data(), fdnums.size() * sizeof(int)));
    }

    TRY(copy_to_user(&user_msg.unsafe_userspace_ptr()->msg_controllen, &current_cmsg_len));