executor/fuchsia: close vmo handle in syz_mmap.

This commit fixes a handle leak in syz_mmap. The bug was pointed out by
mdempsky during a code review.

The `syz_mmap` function creates a VMO and maps it to a VMAR in the address
specified by the `syz_mmap` parameters. Once a VMO is mapped to a vmar,
the handle to the vmo can be closed without problems.

The new code makes sure that `zx_handle_close(vmo_handle)` gets called before
the `syz_mmap` function returns.

executor/common_fuchsia.h

@@ -185,12 +185,19 @@ long syz_mmap(size_t addr, size_t size)
 	status = zx_vmo_replace_as_executable(vmo, ZX_HANDLE_INVALID, &vmo);
 	if (status != ZX_OK) {
 		debug("zx_vmo_replace_as_executable failed with: %d\n", status);
+		// Don't need to zx_handle_close(vmo) because
+		// zx_vmo_replace_as_executable already invalidates it.
 		return status;
 	}
 	uintptr_t mapped_addr;
 	status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE | ZX_VM_FLAG_PERM_EXECUTE,
 			     addr - info.base, vmo, 0, size,
 			     &mapped_addr);
+
+	zx_status_t close_vmo_status = zx_handle_close(vmo);
+	if (close_vmo_status != ZX_OK) {
+		debug("zx_handle_close(vmo) failed with: %d\n", close_vmo_status);
+	}
 	return status;
 }
 #endif

pkg/csource/generated.go

@@ -957,6 +957,11 @@ long syz_mmap(size_t addr, size_t size)
 	status = zx_vmar_map(root, ZX_VM_FLAG_SPECIFIC_OVERWRITE | ZX_VM_FLAG_PERM_READ | ZX_VM_FLAG_PERM_WRITE | ZX_VM_FLAG_PERM_EXECUTE,
 			     addr - info.base, vmo, 0, size,
 			     &mapped_addr);
+
+	zx_status_t close_vmo_status = zx_handle_close(vmo);
+	if (close_vmo_status != ZX_OK) {
+		debug("zx_handle_close(vmo) failed with: %d\n", close_vmo_status);
+	}
 	return status;
 }
 #endif