From 296370fb86e96eec095d86faf6de8f532395ea54 Mon Sep 17 00:00:00 2001
From: Mykola Ivanets
Date: Wed, 2 May 2018 13:19:24 +0300
Subject: [PATCH] fuse: mount_local: Fix crash when called from Java binding.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

"localmountpoint" parameter is allocated in JNI before calling mount_local and freed afterward. But guestfs handle keeps reference to passed "localmountpoint" parameter and will try to access it in umount_local and free after mount_local_run caller thread ends which leads to a crash (an attempt to access to already freed memory).

RWMJ: Remove ‘const’ from definition of localmountpoint, and wrap a comment at 80 columns.
---
 lib/fuse.c | 6 ++++--
 lib/guestfs-internal.h | 2 +-
 lib/handle.c | 1 +
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/fuse.c b/lib/fuse.c
index 9731db962..1ac42330d 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char *localmountpoint,
   /* Set g->localmountpoint in the handle. */
   gl_lock_lock (mount_local_lock);
-  g->localmountpoint = localmountpoint;
+  g->localmountpoint = safe_strdup (g, localmountpoint);
   gl_lock_unlock (mount_local_lock);
   return 0;
@@ -1090,6 +1090,7 @@ guestfs_impl_mount_local_run (guestfs_h *g)
   guestfs_int_free_fuse (g);
   gl_lock_lock (mount_local_lock);
+  free (g->localmountpoint);
   g->localmountpoint = NULL;
   gl_lock_unlock (mount_local_lock);
@@ -1148,7 +1149,8 @@ guestfs_impl_umount_local (guestfs_h *g,
     return -1;
   if (WIFEXITED (r) && WEXITSTATUS (r) == EXIT_SUCCESS)
     /* External fusermount succeeded. Note that the original thread
-     * is responsible for setting g->localmountpoint to NULL.
+     * is responsible for freeing memory and setting
+     * g->localmountpoint to NULL.
      */
     return 0;
diff --git a/lib/guestfs-internal.h b/lib/guestfs-internal.h
index be7d8c0a1..adeb9478a 100644
--- a/lib/guestfs-internal.h
+++ b/lib/guestfs-internal.h
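Review bot: The new `g->localmountpoint = safe_strdup (g, localmountpoint);` overwrites the field without freeing a previous copy, so if a second mount_local on the same handle can reach this point before mount_local_run has cleared the field, the earlier allocation leaks. The function's earlier checks are outside the hunk, so this case may already be rejected; if it is not, `free (g->localmountpoint);` under the same lock just before the assignment closes it. guestfs_impl_mount_local starts and ends outside the hunk.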
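Review bot: The added `free (g->localmountpoint);` in mount_local_run frees memory that umount_local (third hunk of this file) hands to fusermount from a different thread, so any read of `g->localmountpoint` in umount_local that is not done under `mount_local_lock`, or from a copy taken under it, becomes a use-after-free rather than the dangling caller pointer this patch fixes. umount_local's fusermount call is outside the hunk, so whether it holds the lock cannot be confirmed from here. The comment rewrite in the third hunk names the freeing thread but does not state the reader-side rule; a comment above the free such as `/* Freed on the mount_local_run thread; other threads may only read g->localmountpoint while holding mount_local_lock. */` would make the contract explicit. guestfs_impl_mount_local_run starts and ends outside the hunk.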
@@ -488,7 +488,7 @@ struct guestfs_h {
 #if HAVE_FUSE
   /**** Used by the mount-local APIs. ****/
-  const char *localmountpoint;
+  char *localmountpoint;
   struct fuse *fuse; /* FUSE handle. */
   int ml_dir_cache_timeout; /* Directory cache timeout. */
   Hash_table *lsc_ht, *xac_ht, *rlc_ht; /* Directory cache. */
diff --git a/lib/handle.c b/lib/handle.c
index 449ab42a6..bc45d29b2 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -399,6 +399,7 @@ guestfs_close (guestfs_h *g)
   free (g->hv);
   free (g->backend);
   free (g->backend_data);
+  free (g->localmountpoint);
   guestfs_int_free_string_list (g->backend_settings);
   free (g->append);
   guestfs_int_free_error_data_list (g);
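Review bot: Dropping `const` turns `localmountpoint` into handle-owned heap memory, but unlike the neighbouring fields it carries no comment saying who frees it. `char *localmountpoint; /* Owned by the handle: strdup'd by mount_local, freed by mount_local_run or guestfs_close. */` would record the ownership that this patch introduces. The struct guestfs_h definition starts and ends outside the hunk.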
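Review bot: The added `free (g->localmountpoint);` in guestfs_close is unconditional, but the field is declared inside `#if HAVE_FUSE` in guestfs-internal.h (previous hunk), so a build configured without FUSE no longer compiles this function; wrap it as `#if HAVE_FUSE` / `free (g->localmountpoint);` / `#endif`. It also runs without `mount_local_lock`, unlike the free added in mount_local_run, so if guestfs_close can be reached while a mount_local_run thread is still unwinding, both threads free the same pointer; whether close unmounts and joins first is outside the hunk. guestfs_close starts and ends outside the hunk.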