fs: Handle case where old FD == new FD in fs_dup2()

pcercuei · QuzarDC · commit 35d8e0275c3f · 2026-04-06T13:24:29.000-04:00
Previously, when the same FD was passed as both the new and old FD to
fs_dup2(), the algorithm would close the FD then try to get a reference
to a NULL pointer.

Address this issue by following the POSIX spec, and return the FD
directly, with its reference count incremented.

Signed-off-by: Paul Cercueil &lt;paul@crapouillou.net&gt;
diff --git a/kernel/fs/fs.c b/kernel/fs/fs.c
@@ -309,6 +309,9 @@ file_t fs_dup2(file_t oldfd, file_t newfd) {
         return -1;
     }
 
+    if(oldfd == newfd)
+        goto out_get_ref;
+
     do {
         prev = fd_table[newfd];
         if(prev) {
@@ -319,6 +322,7 @@ file_t fs_dup2(file_t oldfd, file_t newfd) {
     } while(!atomic_compare_exchange_strong(&fd_table[newfd],
                                             &prev, fd_table[oldfd]));
 
+out_get_ref:
     fs_hnd_ref(fd_table[newfd]);
 
     return newfd;
