r0 = syz_job_default() zx_job_create(r0, 0x0, &AUTO=0x0) zx_socket_create(0x0, &AUTO=0x0, &AUTO=0x0) # Duplicate the child job handle with the same rights (ZX_DEFAULT_JOB_RIGHTS), then with no rights. zx_handle_duplicate(r1, 0x80000000, &AUTO=0x0) zx_handle_duplicate(r1, 0x0, &AUTO=0x0) # Duplicating a handle without ZX_RIGHT_DUPLICATE should fail. # Duplicating a handle with rights that are not a subset of the original's rights should also fail. zx_handle_duplicate(r5, 0x1, &AUTO) # ZX_ERR_ACCESS_DENIED zx_handle_duplicate(r1, 0x10, &AUTO) # ZX_ERR_INVALID_ARGS # Replace a job handle with the same rights. # The original handle is now invalid. zx_handle_replace(r4, 0x80000000, &AUTO=0x0) zx_object_get_info$ZX_INFO_HANDLE_VALID(r4, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE # Replacing a handle with rights that are not a subset of the original's rights should fail. # Even though zx_handle_replace returned an error, the handles we tried to replace are invalidated. zx_object_get_info$ZX_INFO_HANDLE_VALID(r5, 0x1, nil, 0, nil, nil) zx_object_get_info$ZX_INFO_HANDLE_VALID(r6, 0x1, nil, 0, nil, nil) zx_handle_replace(r5, 0x1, &AUTO) # ZX_ERR_INVALID_ARGS zx_handle_replace(r6, 0x10, &AUTO) # ZX_ERR_INVALID_ARGS zx_object_get_info$ZX_INFO_HANDLE_VALID(r5, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE zx_object_get_info$ZX_INFO_HANDLE_VALID(r6, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE # Close one of the socket handles. # This should block operations on the handle's peer. zx_handle_close(r2) zx_object_get_info$ZX_INFO_HANDLE_VALID(r2, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE zx_socket_read(r3, 0x0, &AUTO, 0x10, &AUTO) # ZX_ERR_PEER_CLOSED # Close the remaining handles. # Operations on those handles should now fail. zx_handle_close_many(&AUTO=[r0, r1, r3], 0x3) zx_object_get_info$ZX_INFO_HANDLE_VALID(r0, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE zx_object_get_info$ZX_INFO_HANDLE_VALID(r1, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE zx_object_get_info$ZX_INFO_HANDLE_VALID(r3, 0x1, nil, 0, nil, nil) # ZX_ERR_BAD_HANDLE zx_handle_duplicate(r0, 0x80000000, &AUTO) # ZX_ERR_BAD_HANDLE