From 7c7c00635ef1e1fc0d52c1a1af681e8ec79202c5 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Fri, 12 Apr 2024 15:58:20 +0100
Subject: [PATCH] gspawn: Fix use of uninitialised FDs on error path

Spotted by scan-build, an actual true positive result from it, and a fiendish one too.

If any of the calls to `dupfd_cloexec()` (except the final one) fail, the remainder of the `duped_source_fds` array would have been left uninitialised. The code in `out_close_fds` would have then called `g_clear_fd()` on an uninitialised FD, with unpredictable results.

Signed-off-by: Philip Withnall
Helps: #1767
---
 glib/gspawn.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/glib/gspawn.c b/glib/gspawn.c
index 0ddd53249..d2ef460ab 100644
--- a/glib/gspawn.c
+++ b/glib/gspawn.c
@@ -1811,6 +1811,8 @@ do_posix_spawn (const gchar * const *argv,
 goto out_close_fds;
 duped_source_fds = g_new (gint, n_fds);
+ for (i = 0; i < n_fds; i++)
+ duped_source_fds[i] = -1; /* initialise in case dupfd_cloexec() fails below */
 for (i = 0; i < n_fds; i++)
 {
 duped_source_fds[i] = dupfd_cloexec (source_fds[i], max_target_fd + 1);
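Review bot: The -1 fill on the added lines turns the error-path correctness of this function into a contract with the cleanup at `out_close_fds`, which lies outside the hunk and must treat a negative entry as "nothing to close" rather than pass it to close(); as far as I recall `g_clear_fd()` does return without closing for a negative fd, but the comment should state that dependency so a later change to the cleanup does not silently reintroduce the bug. I would extend the added comment to `/* initialise to -1 (no fd) so out_close_fds can safely g_clear_fd() every entry, even if dupfd_cloexec() fails part-way through the loop below */`. A closely related style point is that the two back-to-back loops over `n_fds` could be replaced by tracking how many entries were actually duplicated, which would make the cleanup independent of sentinel values, but that touches code outside this hunk. The body of do_posix_spawn starts before and continues after the hunk.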