diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2023-02-28 21:20:03 +0100 |
---|---|---|
committer | Christian Göttsche <cgzones@googlemail.com> | 2023-03-01 20:35:38 +0100 |
commit | 7ef02842ebde3c88c04dac7cee707b8c581332bc (patch) | |
tree | 5b581b2fe68e933000426df6ac4c5ee5d436e077 | |
parent | 4ab175fe6d3a4053444b04d805a6d686f53455b9 (diff) | |
download | bubblewrap-7ef02842ebde3c88c04dac7cee707b8c581332bc.tar.gz |
load_file_data: do not close fd on error to avoid double-close
load_file_data() closes the passed file descriptor in case of an read(2)
failure. The file descriptor is however owned by the caller and should
not be closed to avoid a double-close.
Since in this error branch NULL is always returned the only affected
caller is load_file_data(), as all other callers immediately abort via
die_with_error(). As bubblewrap is single-threaded the second close(2)
in load_file_data() will be well-defined and fail with EBADF, leading to
no unrelated file descriptor to be closed
Found by GCC analyzer:
./utils.c: In function ‘load_file_at’:
./utils.c:630:3: warning: double ‘close’ of file descriptor ‘fd’ [CWE-1341] [-Wanalyzer-fd-double-close]
630 | close (fd);
| ^~~~~~~~~~
...
| 596 | close (fd);
| | ~~~~~~~~~~
| | |
| | (15) first ‘close’ here
...
| 630 | close (fd);
| | ~~~~~~~~~~
| | |
| | (20) second ‘close’ here; first ‘close’ was at (15)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
-rw-r--r-- | utils.c | 8 |
1 files changed, 1 insertions, 7 deletions
@@ -568,7 +568,6 @@ load_file_data (int fd, ssize_t data_read; ssize_t data_len; ssize_t res; - int errsv; data_read = 0; data_len = 4080; @@ -587,12 +586,7 @@ load_file_data (int fd, while (res < 0 && errno == EINTR); if (res < 0) - { - errsv = errno; - close (fd); - errno = errsv; - return NULL; - } + return NULL; data_read += res; } |