4:16 a.m.
"localmountpoint" parameter is allocated in JNI before calling
mount_local and freed afterward. But guestfs handle keeps reference
to passed "localmountpoint" argument and will try to use and free it
in umount_local which leads to a crash because an attempt to access
already freed memory region.
It is not easy to fix on JNI side because the code is auto-generated.
And I don't think it should be fixed there.
However I doubt this patch is correct because this might lead to memory
leak for other language bindings or in C library.
I'd like to hear your thoughts how we should proceed in this situation.
---
lib/fuse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/fuse.c b/lib/fuse.c
index 9731db962..7df765b81 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char
*localmountpoint,
/* Set g->localmountpoint in the handle. */
gl_lock_lock (mount_local_lock);
- g->localmountpoint = localmountpoint;
+ g->localmountpoint = safe_strdup(g, localmountpoint);
gl_lock_unlock (mount_local_lock);
return 0;
--
2.17.0
4:34 a.m.
On Wed, May 02, 2018 at 12:16:32PM +0300, Mykola Ivanets wrote:
"localmountpoint" parameter is allocated in JNI before
calling
mount_local and freed afterward. But guestfs handle keeps reference
to passed "localmountpoint" argument and will try to use and free it
in umount_local which leads to a crash because an attempt to access
already freed memory region.
It is not easy to fix on JNI side because the code is auto-generated.
And I don't think it should be fixed there.
However I doubt this patch is correct because this might lead to memory
leak for other language bindings or in C library.
I'd like to hear your thoughts how we should proceed in this situation.
---
lib/fuse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/fuse.c b/lib/fuse.c
index 9731db962..7df765b81 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char
*localmountpoint,
/* Set g->localmountpoint in the handle. */
gl_lock_lock (mount_local_lock);
- g->localmountpoint = localmountpoint;
+ g->localmountpoint = safe_strdup(g, localmountpoint);
^ needs a space before the '('.
gl_lock_unlock (mount_local_lock);
return 0;
This patch is the right idea, but you also need to call
free (g->localmountpoint);
before all the places in the code where it is set to NULL. And also
in lib/handle.c:guestfs_close.
Thanks,
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
2396
days inactive
2396
days old
1 comments
2 participants
participants (2)
-
Mykola Ivanets -
Richard W.M. Jones