mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fuse: mount_local: Fix crash when called from Java binding.

Browse Source 
"localmountpoint" parameter is allocated in JNI before calling
mount_local and freed afterward.  But guestfs handle keeps reference
to passed "localmountpoint" parameter and will try to access it in
umount_local and free after mount_local_run caller thread ends
which leads to a crash (an attempt to access to already freed memory).

RWMJ: Remove ‘const’ from definition of localmountpoint, and
wrap a comment at 80 columns.
This commit is contained in:
Mykola Ivanets
2018-05-02 13:19:24 +03:00
committed by Richard W.M. Jones
parent 994ca1f8eb
commit 296370fb86
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/fuse.c
View File

@@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char *localmountpoint,
/* Set g->localmountpoint in the handle. */
gl_lock_lock (mount_local_lock);
g->localmountpoint = localmountpoint;
g->localmountpoint = safe_strdup (g, localmountpoint);
gl_lock_unlock (mount_local_lock);
return 0;
@@ -1090,6 +1090,7 @@ guestfs_impl_mount_local_run (guestfs_h *g)
guestfs_int_free_fuse (g);
gl_lock_lock (mount_local_lock);
free (g->localmountpoint);
g->localmountpoint = NULL;
gl_lock_unlock (mount_local_lock);
@@ -1148,7 +1149,8 @@ guestfs_impl_umount_local (guestfs_h *g,
return -1;
if (WIFEXITED (r) && WEXITSTATUS (r) == EXIT_SUCCESS)
/* External fusermount succeeded. Note that the original thread
* is responsible for setting g->localmountpoint to NULL.
* is responsible for freeing memory and setting
* g->localmountpoint to NULL.
*/
return 0;

2
lib/guestfs-internal.h
View File

@@ -488,7 +488,7 @@ struct guestfs_h {
#if HAVE_FUSE
/**** Used by the mount-local APIs. ****/
const char *localmountpoint;
char *localmountpoint;
struct fuse *fuse; /* FUSE handle. */
int ml_dir_cache_timeout; /* Directory cache timeout. */
Hash_table *lsc_ht, *xac_ht, *rlc_ht; /* Directory cache. */

1
lib/handle.c
View File

@@ -399,6 +399,7 @@ guestfs_close (guestfs_h *g)
free (g->hv);
free (g->backend);
free (g->backend_data);
free (g->localmountpoint);
guestfs_int_free_string_list (g->backend_settings);
free (g->append);
guestfs_int_free_error_data_list (g);