https://bugs.kde.org/show_bug.cgi?id=493430
--- Comment #5 from Mark Wielaard <[email protected]> ---

One example of where we didn't check (all) fds was in dup2.

commit 0dbd164e1767dc29a6e0ea8d2c86b02d6913043b
Author: Mark Wielaard <[email protected]>
Date:   Sat Jul 5 00:51:36 2025 +0200

    Check dup2 oldfd before allowing the syscall

    The dup201 LTP test fails with

      TFAIL: dup2(1024, 5) succeeded

    That is because 1024 here is the soft file limit (so one higher than
    the max number of fds). Valgrind raises the soft limit a little
    internally to have a few private fds for itself. So this dup2 call
    succeeds (and possibly dups an internal valgrind fd into the newfd).

    We should check the oldfd before allowing the dup2 syscall, like we
    already check the newfd.

diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
index f8d73e1973d3..50deb1e7641f 100644
--- a/coregrind/m_syswrap/syswrap-generic.c
+++ b/coregrind/m_syswrap/syswrap-generic.c
@@ -3758,6 +3758,8 @@ PRE(sys_dup2)
 {
    PRINT("sys_dup2 ( %" FMT_REGWORD "u, %" FMT_REGWORD "u )", ARG1, ARG2);
    PRE_REG_READ2(long, "dup2", unsigned int, oldfd, unsigned int, newfd);
+   if (!ML_(fd_allowed)(ARG1, "dup2", tid, False))
+      SET_STATUS_Failure( VKI_EBADF );
    if (!ML_(fd_allowed)(ARG2, "dup2", tid, True))
       SET_STATUS_Failure( VKI_EBADF );
 }
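Review bot: the new oldfd check and the existing newfd check each call SET_STATUS_Failure( VKI_EBADF ) without returning, so when both fds are disallowed the status is written twice and ML_(fd_allowed) is called a second time for a syscall that is already rejected; making the ARG2 check an `else if` (or returning after the first failure) keeps the two checks from overlapping. The added call passes False as the final Bool argument while the newfd check passes True; a one-line comment stating that oldfd is checked as an existing descriptor, not a newly created one, would save the next reader a trip to the ML_(fd_allowed) definition. Since the commit message reproduces the failure with the dup201 LTP case (dup2 of the soft-limit value 1024 into fd 5), the same case belongs in the regression test suite so the oldfd path stays covered.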
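The check the comment describes can be exercised from userspace without Valgrind's internals: a descriptor number equal to the soft RLIMIT_NOFILE value is never a valid fd, so the kernel's own dup2 must reject it with EBADF, and a program run under a Valgrind build without the fix would see it succeed instead. The following C program is an added example, not part of the bug report or of Valgrind; the helper names, the use of /dev/null to obtain fresh descriptors, and the choice of newfd are assumptions made here to keep the probe free of side effects on other open files.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper (not Valgrind code): returns 1 when dup2() rejects an
   oldfd equal to the soft RLIMIT_NOFILE value with EBADF, 0 otherwise.
   That value is one past the highest fd the process may hold, which is the
   situation behind the dup201 "dup2(1024, 5) succeeded" failure. */
int dup2_rejects_fd_at_soft_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return 0;

    /* Use a freshly opened descriptor as newfd instead of a fixed number
       such as 5, so a wrongly successful dup2 cannot clobber another file. */
    int newfd = open("/dev/null", O_RDONLY);
    if (newfd < 0)
        return 0;

    int oldfd = (int)rl.rlim_cur;  /* e.g. 1024 in the report */
    errno = 0;
    int r = dup2(oldfd, newfd);
    int ok = (r == -1 && errno == EBADF);

    close(newfd);  /* closes whatever now sits at newfd in either case */
    return ok;
}

/* Contrast case: dup2() of a genuinely open descriptor must succeed and
   return newfd. Returns 1 on the expected behaviour, 0 otherwise. */
int dup2_accepts_valid_fd(void)
{
    int a = open("/dev/null", O_RDONLY);
    int b = open("/dev/null", O_RDONLY);
    if (a < 0 || b < 0)
        return 0;

    int r = dup2(a, b);
    int ok = (r == b);

    close(a);
    close(b);
    return ok;
}

int main(void)
{
    printf("dup2 at soft limit rejected with EBADF: %s\n",
           dup2_rejects_fd_at_soft_limit() ? "yes" : "NO (bug)");
    printf("dup2 of a valid fd succeeds:            %s\n",
           dup2_accepts_valid_fd() ? "yes" : "NO");
    return 0;
}
```

Run natively the first line should read "yes"; run under a Valgrind that lacks the oldfd check it reads "NO (bug)", because Valgrind has raised the soft limit for its private descriptors and the guest's dup2 reaches one of them.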
