launch: Avoid double-close when qemu exits early.

The stdin and stdout of the qemu process are aliased to g->fd: g->fd[0] = wfd[1]; g->fd[1] = rfd[0]; However if the child exits early, then child_cleanup closes g->fd[0], g->fd[1], AND the code at the cleanup1 label closes wfd[1], rfd[0], resulting in a double-close. Avoid this case by setting wfd[1], rfd[0] to -1. In the cleanup1 label, only close wfd[1], rfd[0] if they are not -1, and add the same for g->fd[0], g->fd[1].
2026-03-22 07:03:38 +00:00 · 2012-06-26 14:39:16 +01:00
parent 9e221e55b6
commit c87956837e
1 changed files with 6 additions and 2 deletions
--- a/src/launch.c
+++ b/src/launch.c
@@ -1018,6 +1018,7 @@ launch_appliance (guestfs_h *g)

    g->fd[0] = wfd[1];		/* stdin of child */
    g->fd[1] = rfd[0];		/* stdout of child */
+    wfd[1] = rfd[0] = -1;
  } else {
    g->fd[0] = open ("/dev/null", O_RDWR|O_CLOEXEC);
    if (g->fd[0] == -1) {
@@ -1028,6 +1029,7 @@ launch_appliance (guestfs_h *g)
    if (g->fd[1] == -1) {
      perrorf (g, "dup");
      close (g->fd[0]);
+      g->fd[0] = -1;
      goto cleanup1;
    }
  }
@@ -1098,13 +1100,15 @@ launch_appliance (guestfs_h *g)

 cleanup1:
  if (!g->direct) {
-    close (wfd[1]);
-    close (rfd[0]);
+    if (wfd[1] >= 0) close (wfd[1]);
+    if (rfd[1] >= 0) close (rfd[0]);
  }
  if (g->pid > 0) kill (g->pid, 9);
  if (g->recoverypid > 0) kill (g->recoverypid, 9);
  if (g->pid > 0) waitpid (g->pid, NULL, 0);
  if (g->recoverypid > 0) waitpid (g->recoverypid, NULL, 0);
+  if (g->fd[0] >= 0) close (g->fd[0]);
+  if (g->fd[1] >= 0) close (g->fd[1]);
  g->fd[0] = -1;
  g->fd[1] = -1;
  g->pid = 0;