From: Mark Wielaard Date: Fri, 4 Jul 2025 22:51:36 +0000 (+0200) Subject: Check dup2 oldfd before allowing the syscall X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=0dbd164e1767dc29a6e0ea8d2c86b02d6913043b;p=thirdparty%2Fvalgrind.git Check dup2 oldfd before allowing the syscall The dup201 LTP test fails with TFAIL: dup2(1024, 5) succeeded That is because 1024 here is the soft file limit (so one higher than the max number of fds). Valgrind raises the soft limit a little internally to have a few private fds for itself. So this dup2 call succeeds (and possibly dups and internal valgrind fd into the newfd). We should check the oldfd before allowing the dup2 syscall, like we already check the newfd.
---
diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
index f8d73e197..50deb1e76 100644
--- a/coregrind/m_syswrap/syswrap-generic.c
+++ b/coregrind/m_syswrap/syswrap-generic.c
@@ -3758,6 +3758,8 @@ PRE(sys_dup2)
 {
 PRINT("sys_dup2 ( %" FMT_REGWORD "u, %" FMT_REGWORD "u )", ARG1, ARG2);
 PRE_REG_READ2(long, "dup2", unsigned int, oldfd, unsigned int, newfd);
+ if (!ML_(fd_allowed)(ARG1, "dup2", tid, False))
+ SET_STATUS_Failure( VKI_EBADF );
 if (!ML_(fd_allowed)(ARG2, "dup2", tid, True))
 SET_STATUS_Failure( VKI_EBADF );
 }
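Review bot: The added oldfd check does not stop the newfd check that follows it, so a `dup2` whose ARG1 is rejected still calls `ML_(fd_allowed)` on ARG2 and can set the failure status a second time (and, if that helper reports rejected descriptors, produce a second diagnostic for one syscall). Making the second test `else if (!ML_(fd_allowed)(ARG2, "dup2", tid, True))` keeps it to one rejection per call. Because this check is what keeps the client from duplicating one of Valgrind's private descriptors, a one-line comment above it such as `/* oldfd must be a client-visible fd, never one of Valgrind's own */` would record the intent. The wrappers for the other descriptor-duplicating calls (dup, dup3, fcntl with F_DUPFD) are not in this hunk, so it is worth confirming they validate the source descriptor the same way.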