luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-01-12 07:26:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

gspawn: Fix use of uninitialised FDs on error path

Browse Source 
Spotted by scan-build, an actual true positive result from it, and a
fiendish one too.

If any of the calls to `dupfd_cloexec()` (except the final one) fail,
the remainder of the `duped_source_fds` array would have been left
uninitialised.

The code in `out_close_fds` would have then called `g_clear_fd()` on an
uninitialised FD, with unpredictable results.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
This commit is contained in:
Philip Withnall 2024-04-12 15:58:20 +01:00
parent 21f5e175d4
commit 7c7c00635e
No known key found for this signature in database
GPG Key ID: DCDF5885B1F3ED73
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
glib/gspawn.c
View File

@ -1811,6 +1811,8 @@ do_posix_spawn (const gchar * const *argv,
goto out_close_fds; goto out_close_fds;
duped_source_fds = g_new (gint, n_fds); duped_source_fds = g_new (gint, n_fds);
for (i = 0; i < n_fds; i++)
duped_source_fds[i] = -1; /* initialise in case dupfd_cloexec() fails below */
for (i = 0; i < n_fds; i++) for (i = 0; i < n_fds; i++)
{ {
duped_source_fds[i] = dupfd_cloexec (source_fds[i], max_target_fd + 1); duped_source_fds[i] = dupfd_cloexec (source_fds[i], max_target_fd + 1);