When the socket has been closed already, cl->sock is -1. Don't pass
that to FD_SET() etc.
diff -up a/LibVNCServer-0.8.2/libvncserver/main.c b/LibVNCServer-0.8.2/libvncserver/main.c
--- a/LibVNCServer-0.8.2/libvncserver/main.c 2007-07-24 20:33:55.000000000 +0200
+++ b/LibVNCServer-0.8.2/libvncserver/main.c 2007-07-25 15:48:58.000000000 +0200
@@ -497,9 +497,12 @@ clientInput(void *data)
int n, sock;
LOCK(cl->updateMutex);
- sock = cl->sock;
+ sock = dup(cl->sock);
UNLOCK(cl->updateMutex);
+ if (sock == -1)
+ break;
+
FD_ZERO(&rfds);
FD_SET(sock, &rfds);
FD_ZERO(&efds);
@@ -515,11 +518,13 @@ clientInput(void *data)
n = select(sock + 1, &rfds, &wfds, &efds, &tv);
if (n < 0) {
rfbLogPerror("ReadExact: select");
+ close(sock);
break;
}
if (n == 0) /* timeout */
{
rfbSendFileTransferChunk(cl);
+ close(sock);
continue;
}
@@ -530,6 +535,8 @@ clientInput(void *data)
if (FD_ISSET(sock, &rfds) || FD_ISSET(sock, &efds))
rfbProcessClientMessage(cl);
+ close(sock);
+
LOCK(cl->updateMutex);
if (cl->sock == -1) {
UNLOCK(cl->updateMutex);