# HG changeset patch
# User stuefe
# Date 1559717957 -7200
# Node ID 412ce076c0dcbd608d4f51f18aefd70d4f5c610e
# Parent  bb3359bcf53443047ebf4f1c768ab78733761151
8224181: On child process spawn, child may write to random file descriptor instead of the fail pipe
Reviewed-by: rriggs, martin

diff -r bb3359bcf534 -r 412ce076c0dc src/java.base/unix/native/libjava/childproc.c
--- a/src/java.base/unix/native/libjava/childproc.c	Wed Jun 05 07:25:09 2019 +0200
+++ b/src/java.base/unix/native/libjava/childproc.c	Wed Jun 05 08:59:17 2019 +0200
@@ -313,6 +313,7 @@
 childProcess(void *arg)
 {
     const ChildStuff* p = (const ChildStuff*) arg;
+    int fail_pipe_fd = p->fail[1];
 
     /* Close the parent sides of the pipes.
        Closing pipe fds here is redundant, since closeDescriptors()
@@ -343,9 +344,12 @@
             goto WhyCantJohnnyExec;
     }
 
-    if (moveDescriptor(p->fail[1], FAIL_FILENO) == -1)
+    if (moveDescriptor(fail_pipe_fd, FAIL_FILENO) == -1)
         goto WhyCantJohnnyExec;
 
+    /* We moved the fail pipe fd */
+    fail_pipe_fd = FAIL_FILENO;
+
     /* close everything */
     if (closeDescriptors() == 0) { /* failed,  close the old way */
         int max_fd = (int)sysconf(_SC_OPEN_MAX);
@@ -377,9 +381,9 @@
      */
     {
         int errnum = errno;
-        restartableWrite(FAIL_FILENO, &errnum, sizeof(errnum));
+        restartableWrite(fail_pipe_fd, &errnum, sizeof(errnum));
     }
-    close(FAIL_FILENO);
+    close(fail_pipe_fd);
     _exit(-1);
     return 0;  /* Suppress warning "no return value from function" */
 }