On the sender side, file descriptors can be attached up to attachmentMaxAmount = 255 and cmsg_len can be CMSG_LEN(0) + attachmentMaxAmount * sizeof(int).

On the receiver side, however, readBytesFromSocket() is doing the following comparison:

    if (controlMessage->cmsg_len < CMSG_LEN(0) || controlMessage->cmsg_len > attachmentMaxAmount) {
        ASSERT_NOT_REACHED();
        break;
    }

I suppose this should be (controlMessage->cmsg_len - CMSG_LEN(0)) / sizeof(int) > attachmentMaxAmount, as fileDescriptorsCount is calculated as:

    size_t fileDescriptorsCount = (controlMessage->cmsg_len - CMSG_LEN(0)) / sizeof(int);
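The unit mismatch described in the report above, shown as an added example that is not part of the original report or of WebKit's code: it runs the quoted comparison and the proposed one over the cmsg_len values a sender would produce. The function names are hypothetical; the limit of 255 and both comparisons are taken from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

/* Limit quoted in the report (attachmentMaxAmount). */
#define ATTACHMENT_MAX_AMOUNT ((size_t)255)

/* cmsg_len a sender sets for n descriptors, as stated in the report. */
static size_t sender_cmsg_len(size_t n)
{
    return CMSG_LEN(0) + n * sizeof(int);
}

/* Receiver comparison as quoted: a byte length that includes the cmsghdr
 * is compared against a descriptor count. Returns 1 if accepted. */
static int accepts_as_quoted(size_t cmsg_len)
{
    if (cmsg_len < CMSG_LEN(0) || cmsg_len > ATTACHMENT_MAX_AMOUNT)
        return 0;
    return 1;
}

/* Comparison proposed in the report: derive the descriptor count first,
 * then bound it. Returns the count, or -1 if the message is rejected. */
static long fd_count_checked(size_t cmsg_len)
{
    if (cmsg_len < CMSG_LEN(0))
        return -1; /* shorter than a bare header; also avoids underflow below */
    size_t count = (cmsg_len - CMSG_LEN(0)) / sizeof(int);
    if (count > ATTACHMENT_MAX_AMOUNT)
        return -1;
    return (long)count;
}

int main(void)
{
    /* Constructed sample descriptor counts, not taken from a real trace. */
    size_t samples[] = { 1, 16, 255, 256 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t len = sender_cmsg_len(samples[i]);
        printf("fds=%zu cmsg_len=%zu quoted=%s proposed=%ld\n",
               samples[i], len,
               accepts_as_quoted(len) ? "accept" : "reject",
               fd_count_checked(len));
    }
    return 0;
}
```

With the quoted comparison, a message carrying the sender's maximum of 255 descriptors is rejected, because its byte length alone exceeds 255.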
Created attachment 339189
Patch

Comment on attachment 339189
Patch

This has been requesting review for more than one year. If this is still needed, please rebase and re-request review.