From 40fa42bc2721bd9f0f3ca4546fedea692a4a4ffd Mon Sep 17 00:00:00 2001
From: Marco Vanotti <mvanotti@google.com>
Date: Wed, 11 Sep 2019 13:29:09 -0700
Subject: executor/fuchsia: close vmo handle in syz_mmap.

This commit fixes a handle leak in syz_mmap. The bug was pointed out by
mdempsky during a code review.

The `syz_mmap` function creates a VMO and maps it to a VMAR in the address
specified by the `syz_mmap` parameters. Once a VMO is mapped to a vmar,
the handle to the vmo can be closed without problems.

The new code makes sure that `zx_handle_close(vmo_handle)` gets called before
the `syz_mmap` function returns.
---
 pkg/csource/generated.go | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkg')

diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 908fff1db..9e9847ce8 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -957,6 +957,11 @@ long syz_mmap(size_t addr, size_t size)
 	status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE | ZX_VM_FLAG_PERM_EXECUTE,
 			     addr - info.base, vmo, 0, size,
 			     &mapped_addr);
+
+	zx_status_t close_vmo_status = zx_handle_close(vmo);
+	if (close_vmo_status != ZX_OK) {
+		debug("zx_handle_close(vmo) failed with: %d\n", close_vmo_status);
+	}
 	return status;
 }
 #endif
-- 
cgit mrf-deployment