From 771be64912d080844b0f3a0b90bdf7e7fab8281e Mon Sep 17 00:00:00 2001
From: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Date: Fri, 27 Dec 2013 14:35:55 -0500
Subject: [PATCH] qrexec-daemon: fix read underflow when the last fd goes

If no remaining fd is alive in the list, the loop breaks when i
is negative, but by then clients[-1] would have been dereferenced.
---
 qrexec/qrexec-daemon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qrexec/qrexec-daemon.c b/qrexec/qrexec-daemon.c
index dc31875..c32e359 100644
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@@ -246,7 +246,7 @@ void terminate_client_and_flush_data(int fd)
 	clients[fd].state = CLIENT_INVALID;
 	buffer_free(&clients[fd].buffer);
 	if (max_client_fd == fd) {
-		for (i = fd; clients[i].state == CLIENT_INVALID && i >= 0;
+		for (i = fd; i >= 0 && clients[i].state == CLIENT_INVALID;
 		     i--);
 		max_client_fd = i;
 	}