From 7ef02842ebde3c88c04dac7cee707b8c581332bc Mon Sep 17 00:00:00 2001
From: Christian Göttsche
Date: Tue, 28 Feb 2023 21:20:03 +0100
Subject: load_file_data: do not close fd on error to avoid double-close
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

load_file_data() closes the passed file descriptor in case of a read(2)
failure. The file descriptor is however owned by the caller and should
not be closed to avoid a double-close.

Since in this error branch NULL is always returned the only affected
caller is load_file_data(), as all other callers immediately abort via
die_with_error(). As bubblewrap is single-threaded the second close(2)
in load_file_data() will be well-defined and fail with EBADF, leading to
no unrelated file descriptor to be closed.

Found by GCC analyzer:

    ./utils.c: In function ‘load_file_at’:
    ./utils.c:630:3: warning: double ‘close’ of file descriptor ‘fd’ [CWE-1341] [-Wanalyzer-fd-double-close]
      630 |   close (fd);
          |   ^~~~~~~~~~
    ...
        |  596 |   close (fd);
        |      |   ~~~~~~~~~~
        |      |   |
        |      |   (15) first ‘close’ here
    ...
        |  630 |   close (fd);
        |      |   ~~~~~~~~~~
        |      |   |
        |      |   (20) second ‘close’ here; first ‘close’ was at (15)

Signed-off-by: Christian Göttsche
---
 utils.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/utils.c b/utils.c index 693273b..b2e885f 100644 --- a/utils.c +++ b/utils.c @@ -568,7 +568,6 @@ load_file_data (int fd, ssize_t data_read; ssize_t data_len; ssize_t res; - int errsv; data_read = 0; data_len = 4080; @@ -587,12 +586,7 @@ load_file_data (int fd, while (res < 0 && errno == EINTR); if (res < 0) - { - errsv = errno; - close (fd); - errno = errsv; - return NULL; - } + return NULL; data_read += res; } -- cgit v1.2.1
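
Review bot: In the second hunk, at `if (res < 0)` in load_file_data, the bare `return NULL;` now leaves fd open for the caller, but nothing in the visible code records that ownership rule. A short comment above `load_file_data (int fd,` saying that the function never closes fd, and that on a NULL return errno is the value left by the failed read, would keep a later change from reintroducing the close. Dropping `errsv` in the first hunk is consistent with that, since no call remains between the `while (res < 0 && errno == EINTR);` loop and the return that could overwrite errno. The commit message also names load_file_data() as the only affected caller while the analyzer trace is reported in load_file_at, which is worth reconciling before merge.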