| Message ID | 20190516003736.25544-1-mh@glandium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/2] dup() the input fd for fast-import used for remote helpers | expand |
On Thu, May 16, 2019 at 09:37:35AM +0900, Mike Hommey wrote: > When a remote helper exposes the "import" capability, stdout of the > helper is sent to stdin of a new fast-import process. This is done by > setting the corresponding child_process's in field to the value of the > out field of the helper child_process. > > The child_process API is defined to close the file descriptors it's > given when calling start_command. This means when start_command is > called for the fast-import process, its input fd (the output fd of the > helper), is closed. > > But when the transport helper is later destroyed, in disconnect_helper, > its input and output are closed, which means close() is called with > an invalid fd (since it was already closed as per above). Or worse, with > a valid fd owned by something else (since fd numbers can be reused). I think this strategy is OK, as explained in my other email. -Peff
diff --git a/transport-helper.c b/transport-helper.c index 1f52c95fd8..29787b749e 100644 --- a/transport-helper.c +++ b/transport-helper.c @@ -421,7 +421,7 @@ static int get_importer(struct transport *transport, struct child_process *fasti struct helper_data *data = transport->data; int cat_blob_fd, code; child_process_init(fastimport); - fastimport->in = helper->out; + fastimport->in = xdup(helper->out); argv_array_push(&fastimport->args, "fast-import"); argv_array_push(&fastimport->args, debug ? "--stats" : "--quiet");
When a remote helper exposes the "import" capability, stdout of the helper is sent to stdin of a new fast-import process. This is done by setting the corresponding child_process's in field to the value of the out field of the helper child_process. The child_process API is defined to close the file descriptors it's given when calling start_command. This means when start_command is called for the fast-import process, its input fd (the output fd of the helper), is closed. But when the transport helper is later destroyed, in disconnect_helper, its input and output are closed, which means close() is called with an invalid fd (since it was already closed as per above). Or worse, with a valid fd owned by something else (since fd numbers can be reused). Signed-off-by: Mike Hommey <mh@glandium.org> --- transport-helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)