8224181: On child process spawn, child may write to random file descriptor instead of the fail pipe
Reviewed-by: rriggs, martin
--- a/src/java.base/unix/native/libjava/childproc.c Wed Jun 05 07:25:09 2019 +0200
+++ b/src/java.base/unix/native/libjava/childproc.c Wed Jun 05 08:59:17 2019 +0200
@@ -313,6 +313,7 @@
childProcess(void *arg)
{
const ChildStuff* p = (const ChildStuff*) arg;
+ int fail_pipe_fd = p->fail[1];
/* Close the parent sides of the pipes.
Closing pipe fds here is redundant, since closeDescriptors()
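Review bot: The new local `fail_pipe_fd` at the top of childProcess is declared without a comment saying what it tracks, and the rest of the patch depends on that invariant. I would put `/* fd that currently holds the write end of the fail pipe: p->fail[1] until it has been moved to FAIL_FILENO */` above the declaration, so that a later edit to the error path does not go back to writing to the constant. The reason is worth recording: going by the commit title, before the move FAIL_FILENO can be an unrelated descriptor, and the errno value would be written into it. The function body continues outside this hunk.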
@@ -343,9 +344,12 @@
goto WhyCantJohnnyExec;
}
- if (moveDescriptor(p->fail[1], FAIL_FILENO) == -1)
+ if (moveDescriptor(fail_pipe_fd, FAIL_FILENO) == -1)
goto WhyCantJohnnyExec;
+ /* We moved the fail pipe fd */
+ fail_pipe_fd = FAIL_FILENO;
+
/* close everything */
if (closeDescriptors() == 0) { /* failed, close the old way */
int max_fd = (int)sysconf(_SC_OPEN_MAX);
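Review bot: `fail_pipe_fd` is switched to FAIL_FILENO only after `moveDescriptor` returns 0, so the error path is correct only if a -1 return always leaves the original descriptor open. The body of moveDescriptor is not visible here. If it can fail after the duplicate onto FAIL_FILENO already exists (for example when closing the source descriptor fails), the jump to WhyCantJohnnyExec would report on a descriptor that may already be closed, and the parent would not receive the errno. Please confirm which case applies and state it in the comment, e.g. `/* On failure the fail pipe is still on its original fd, so fail_pipe_fd is left unchanged */`. childProcess begins and ends outside this hunk.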
@@ -377,9 +381,9 @@
*/
{
int errnum = errno;
- restartableWrite(FAIL_FILENO, &errnum, sizeof(errnum));
+ restartableWrite(fail_pipe_fd, &errnum, sizeof(errnum));
}
- close(FAIL_FILENO);
+ close(fail_pipe_fd);
_exit(-1);
return 0; /* Suppress warning "no return value from function" */
}