commit 2ecc1ee8e8b951caf595be17d0e34b090634260a
author asiva <asiva@google.com> Wed May 28 10:28:20 2025 -0700
committer Commit Queue <dart-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed May 28 10:28:20 2025 -0700
tree 2412c08108bbf4b4c61a46d8f0728790e9e89e49
parent 395947051e064efb75f6b914edfa66b95252ff33

Close open file descriptors that are not needed during process spawn or exec.

TEST=ci

Change-Id: I8ee94b4f54bcb858646739cc6e9add333a25a724
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/430841
Reviewed-by: Ryan Macnak <rmacnak@google.com>
Commit-Queue: Siva Annamalai <asiva@google.com>

runtime/bin/process_linux.cc

diff --git a/runtime/bin/process_linux.cc b/runtime/bin/process_linux.cc
index 3113dc5..9778dd6 100644
--- a/runtime/bin/process_linux.cc
+++ b/runtime/bin/process_linux.cc
@@ -518,14 +518,17 @@
       if (TEMP_FAILURE_RETRY(dup2(write_out_[0], STDIN_FILENO)) == -1) {
         ReportChildError();
       }
+      close(write_out_[0]);
 
       if (TEMP_FAILURE_RETRY(dup2(read_in_[1], STDOUT_FILENO)) == -1) {
         ReportChildError();
       }
+      close(read_in_[1]);
 
       if (TEMP_FAILURE_RETRY(dup2(read_err_[1], STDERR_FILENO)) == -1) {
         ReportChildError();
       }
+      close(read_err_[1]);
     } else {
       ASSERT(mode_ == kInheritStdio);
     }
@@ -939,6 +942,7 @@
     Utils::StrError(errno, errmsg, errmsg_len);
     return -1;
   }
+
   // TODO(dart:io) Test for the existence of execveat, and use it instead.
   execvp(const_cast<const char*>(realpath),
          const_cast<char* const*>(arguments));

runtime/bin/process_macos.cc

diff --git a/runtime/bin/process_macos.cc b/runtime/bin/process_macos.cc
index 7ebcf63..9bae25e 100644
--- a/runtime/bin/process_macos.cc
+++ b/runtime/bin/process_macos.cc
@@ -450,14 +450,17 @@
       if (TEMP_FAILURE_RETRY(dup2(write_out_[0], STDIN_FILENO)) == -1) {
         ReportChildError();
       }
+      close(write_out_[0]);
 
       if (TEMP_FAILURE_RETRY(dup2(read_in_[1], STDOUT_FILENO)) == -1) {
         ReportChildError();
       }
+      close(read_in_[1]);
 
       if (TEMP_FAILURE_RETRY(dup2(read_err_[1], STDERR_FILENO)) == -1) {
         ReportChildError();
       }
+      close(read_err_[1]);
     } else {
       ASSERT(mode_ == kInheritStdio);
     }
@@ -630,34 +633,28 @@
   }
 
   void SetupDetachedWithStdio() {
-    // Close all open file descriptors except for
-    // exec_control_[1], write_out_[0], read_in_[1] and
-    // read_err_[1].
-    int max_fds = sysconf(_SC_OPEN_MAX);
-    if (max_fds == -1) {
-      max_fds = _POSIX_OPEN_MAX;
-    }
-    for (int fd = 0; fd < max_fds; fd++) {
-      if ((fd != exec_control_[1]) && (fd != write_out_[0]) &&
-          (fd != read_in_[1]) && (fd != read_err_[1])) {
-        close(fd);
-      }
-    }
-
     if (TEMP_FAILURE_RETRY(dup2(write_out_[0], STDIN_FILENO)) == -1) {
       ReportChildError();
     }
-    close(write_out_[0]);
 
     if (TEMP_FAILURE_RETRY(dup2(read_in_[1], STDOUT_FILENO)) == -1) {
       ReportChildError();
     }
-    close(read_in_[1]);
 
     if (TEMP_FAILURE_RETRY(dup2(read_err_[1], STDERR_FILENO)) == -1) {
       ReportChildError();
     }
-    close(read_err_[1]);
+
+    // Close all open file descriptors except for std* and exec_control_[1].
+    int max_fds = sysconf(_SC_OPEN_MAX);
+    if (max_fds == -1) {
+      max_fds = _POSIX_OPEN_MAX;
+    }
+    for (int fd = 3; fd < max_fds; fd++) {
+      if (fd != exec_control_[1]) {
+        close(fd);
+      }
+    }
   }
 
   int CleanupAndReturnError() {