Mark Pizzolato <m...@infocomm.com> writes:

> Public bug reported:
>
> On any host platform where SOCK_CLOEXEC is defined (Linux at least), a
> socket is leaked on each call to qemu_socket() AND the socket returned
> hasn't been created with the desired SOCK_CLOEXEC attribute.  The
> qemu_socket routine is:
>
> Line 272 of util/osdep.c:
> /*
>  * Opens a socket with FD_CLOEXEC set
>  */
> int qemu_socket(int domain, int type, int protocol)
> {
>     int ret;
>
> #ifdef SOCK_CLOEXEC
>     ret = socket(domain, type | SOCK_CLOEXEC, protocol);
>     if (ret != -1 || errno != EINVAL) {
>         return ret;

If socket() succeeded (ret != -1), we return the socket.

If socket() failed with anything but EINVAL (ret == -1 && errno !=
EINVAL), we return -1 with errno set.

>     }

Here, ret == -1 && errno == EINVAL.

> #endif
>     ret = socket(domain, type, protocol);
>     if (ret >= 0) {
>         qemu_set_cloexec(ret);
>     }
>
>     return ret;
> }

How can this leak a socket?

How can this return a socket with FD_CLOEXEC not set?
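
To make the two questions above checkable rather than rhetorical, here is an added example (not code from the bug report or from QEMU) that reproduces the control flow of the quoted qemu_socket() with a hypothetical stand-in for qemu_set_cloexec(), then verifies with fcntl(F_GETFD) that the returned socket carries FD_CLOEXEC and, using the POSIX lowest-free-descriptor rule, that no descriptor is left behind across the SOCK_CLOEXEC fallback:

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for QEMU's qemu_set_cloexec(): set FD_CLOEXEC with fcntl(). */
static void set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags != -1) {
        fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
    }
}

/* Same control flow as qemu_socket() in the quoted report. */
int cloexec_socket(int domain, int type, int protocol)
{
    int ret;
#ifdef SOCK_CLOEXEC
    ret = socket(domain, type | SOCK_CLOEXEC, protocol);
    if (ret != -1 || errno != EINVAL) {
        return ret;  /* success, or a failure other than EINVAL: no fd is left behind */
    }
#endif
    /* Reached only when ret == -1 && errno == EINVAL, so no descriptor is held here. */
    ret = socket(domain, type, protocol);
    if (ret >= 0) {
        set_cloexec(ret);
    }
    return ret;
}

/* Creates a socket, records its FD_CLOEXEC state, closes it, then creates another.
 * POSIX hands out the lowest free descriptor, so a leak would show up as b != a.
 * Returns 1 only if the flag was set AND no descriptor was leaked. */
int check_cloexec_and_no_leak(void)
{
    int a = cloexec_socket(AF_UNIX, SOCK_STREAM, 0);
    if (a < 0) {
        return 0;
    }
    int flags = fcntl(a, F_GETFD);
    close(a);
    int b = cloexec_socket(AF_UNIX, SOCK_STREAM, 0);
    if (b >= 0) {
        close(b);
    }
    return flags != -1 && (flags & FD_CLOEXEC) != 0 && a == b;
}
```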