Update: Workaround for unsafe select(2)

When select(2) is used we only support as many file handles as
there is space in fd_set. The limit is given in FD_SETSIZE.
Once we use filehandles with an value >= FD_SETSIZE we might
end up corrupting memory. Therefore we try to avoid those calls
by rejecting handles >= FD_SETSIZE very early.

This patch should keep most problems away. However it does not
actually ensure we don't corrupt memory. That check has been skipped
for performance reasons. Keeping in mind that the use of select(2)
is already deprecated.

src/connection.c

@@ -471,6 +471,13 @@ connection_t *connection_create(sock_t sock, listensocket_t *listensocket_real,
     if (!matchfile_match_allow_deny(allowed_ip, banned_ip, ip))
         return NULL;
 
+#ifndef HAVE_POLL
+    if (sock >= FD_SETSIZE) {
+        ICECAST_LOG_ERROR("Can not create connection: System filehandle set overflow");
+        return NULL;
+    }
+#endif
+
     con = (connection_t *)calloc(1, sizeof(connection_t));
     if (con) {
         refobject_ref(listensocket_real);

src/listensocket.c

@@ -726,6 +726,16 @@ static int listensocket_refsock(listensocket_t *self, bool prefer_inet6)
         return -1;
     }
 
+#ifndef HAVE_POLL
+    if (self->sock >= FD_SETSIZE) {
+        sock_close(self->sock);
+        self->sock = SOCK_ERROR;
+        thread_mutex_unlock(&self->lock);
+        ICECAST_LOG_ERROR("Can not listen on socket: %s port %i: System filehandle set overflow", __string_default(self->listener->bind_address, "<ANY>"), self->listener->port);
+        return -1;
+    }
+#endif
+
     if (__socket_listen(self->sock, self->listener) == 0) {
         sock_close(self->sock);
         self->sock = SOCK_ERROR;