Libguestfs - May 2018 - [RFC] fuse: mount_local: Fix crash when called from Java binding

"localmountpoint" parameter is allocated in JNI before calling
mount_local and freed afterward. But guestfs handle keeps reference
to passed "localmountpoint" argument and will try to use and free it
in umount_local which leads to a crash because an attempt to access
already freed memory region.

It is not easy to fix on JNI side because the code is auto-generated.
And I don't think it should be fixed there.
However I doubt this patch is correct because this might lead to memory
leak for other language bindings or in C library.

I'd like to hear your thoughts how we should proceed in this situation.
---
 lib/fuse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/fuse.c b/lib/fuse.c
index 9731db962..7df765b81 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char
*localmountpoint,
 
   /* Set g->localmountpoint in the handle. */
   gl_lock_lock (mount_local_lock);
-  g->localmountpoint = localmountpoint;
+  g->localmountpoint = safe_strdup(g, localmountpoint);
   gl_lock_unlock (mount_local_lock);
 
   return 0;
-- 
2.17.0

On Wed, May 02, 2018 at 12:16:32PM +0300, Mykola Ivanets
wrote:
> "localmountpoint" parameter is allocated in JNI before calling
> mount_local and freed afterward. But guestfs handle keeps reference
> to passed "localmountpoint" argument and will try to use and free
it
> in umount_local which leads to a crash because an attempt to access
> already freed memory region.
> 
> It is not easy to fix on JNI side because the code is auto-generated.
> And I don't think it should be fixed there.
> However I doubt this patch is correct because this might lead to memory
> leak for other language bindings or in C library.
> 
> I'd like to hear your thoughts how we should proceed in this situation.
> ---
>  lib/fuse.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/fuse.c b/lib/fuse.c
> index 9731db962..7df765b81 100644
> --- a/lib/fuse.c
> +++ b/lib/fuse.c
> @@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char
*localmountpoint,
>  
>    /* Set g->localmountpoint in the handle. */
>    gl_lock_lock (mount_local_lock);
> -  g->localmountpoint = localmountpoint;
> +  g->localmountpoint = safe_strdup(g, localmountpoint);
^ needs a space before the '('.
>    gl_lock_unlock (mount_local_lock);
>  
>    return 0;
This patch is the right idea, but you also need to call

  free (g->localmountpoint);

before all the places in the code where it is set to NULL.  And also
in lib/handle.c:guestfs_close.

Thanks,

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top