From c07fb791504cdfa32ff1be165758fcc624b26c2d Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Fri, 29 Nov 2024 02:38:49 +0900
Subject: [PATCH] Avoid file descriptor leak

`extra_fd` was leaked if `fd_set_cloexec` fails -- I can't think of any
chance of that happening here, but just in case.

Coverity Scan found this issue.
---
 process.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/process.c b/process.c
index 786ac6ca24..5fbc9be022 100644
--- a/process.c
+++ b/process.c
@@ -3368,6 +3368,7 @@ run_exec_dup2(VALUE ary, VALUE tmpbuf, struct rb_execarg *sargp, char *errmsg, s
             //   in #assert_close_on_exec because the FD_CLOEXEC is not dup'd by default
             if (fd_get_cloexec(pairs[i].oldfd, errmsg, errmsg_buflen)) {
                 if (fd_set_cloexec(extra_fd, errmsg, errmsg_buflen)) {
+                    close(extra_fd);
                     goto fail;
                 }
             }