From 04d7a3414ac19f3042779e067e0574809034dc4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Sj=C3=B6lund?= <erik.sjolund@gmail.com>
Date: Sat, 14 Feb 2026 08:27:26 +0100
Subject: [PATCH] cloned_binary: do not close file descriptor twice
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes: https://github.com/containers/crun/issues/2013

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
---
 src/libcrun/cloned_binary.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/libcrun/cloned_binary.c b/src/libcrun/cloned_binary.c
index c7e82f633c..3280fdda5d 100644
--- a/src/libcrun/cloned_binary.c
+++ b/src/libcrun/cloned_binary.c
@@ -466,7 +466,6 @@ static ssize_t fd_to_fd(int outfd, int infd)
 
 static int clone_binary(void)
 {
-	cleanup_close int binfd = -1;
 	cleanup_close int execfd = -1;
 	struct stat statbuf = {};
 	ssize_t sent = 0;
@@ -499,24 +498,26 @@ static int clone_binary(void)
 	if (execfd < 0 || fdtype == EFD_NONE)
 		return -ENOTRECOVERABLE;
 
-	binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
-	if (binfd < 0)
-		goto error;
+	{
+		cleanup_close int binfd = -1;
+		binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
+		if (binfd < 0)
+			goto error;
 
-	if (fstat(binfd, &statbuf) < 0)
-		goto error;
+		if (fstat(binfd, &statbuf) < 0)
+			goto error;
 
-	while (sent < statbuf.st_size) {
-		int n = sendfile(execfd, binfd, NULL, statbuf.st_size - sent);
-		if (n < 0) {
-			/* sendfile can fail so we fallback to a dumb user-space copy. */
-			n = fd_to_fd(execfd, binfd);
-			if (n < 0)
-				goto error;
+		while (sent < statbuf.st_size) {
+			int n = sendfile(execfd, binfd, NULL, statbuf.st_size - sent);
+			if (n < 0) {
+				/* sendfile can fail so we fallback to a dumb user-space copy. */
+				n = fd_to_fd(execfd, binfd);
+				if (n < 0)
+					goto error;
+			}
+			sent += n;
 		}
-		sent += n;
 	}
-	close(binfd);
 	if (sent != statbuf.st_size)
 		goto error;