Libguestfs - May 2018 - [PATCH libldm v2 1/1] Fix crash while creating mapper for a volume which lacks of partitions.

v1 was here:
https://www.redhat.com/archives/libguestfs/2018-May/msg00058.html

v2:
   - more correct explanation of a crash reason.

Mykola Ivanets (1):
  Fix crash while creating mapper for a volume which lacks of
    partitions.

 src/ldm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

-- 
2.17.0

How to reproduce:
1. Extract test images from test/data/ldm-data.tar.xz
2. losetup --show -f test/data/ldm-2003r2-simple-1.img
   Let's assume image file was associated with /dev/loop0
3. ldmtool -d /dev/loop0 create all

Result: One LDM volume which contains all required components on the
associated loop device will be mapped but application crashes on further
attempt to do the same for incomplete volumes with error "Error in
`ldmtool': free(): invalid pointer: 0x.......".


Reason: _dm_create_spanned and _dm_create_striped functions define
static local variable "static GString *name" which is at the same time
a
function return value.  So variable remains its value in between of
function calls.  "name" pointer will be initialized if
spanned/stripped
volume is successfully created.  It is passed up the call stack and is
freed in _ldm_vol_action function.  Next call to the same function with
an attempt to create the volume which misses some partition will fail.
"goto out" statement is executed and pointer to an already freed block
of memory will be returned.
---
 src/ldm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ldm.c b/src/ldm.c
index 19a0663..e112ae0 100644
--- a/src/ldm.c
+++ b/src/ldm.c
@@ -2615,7 +2615,7 @@ _dm_create_part(const LDMPartitionPrivate * const part,
uint32_t cookie,
 static GString *
 _dm_create_spanned(const LDMVolumePrivate * const vol, GError ** const err)
 {
-    static GString *name = NULL;
+    GString *name = NULL;
     guint i = 0;
     struct dm_target *targets = g_malloc(sizeof(*targets) *
vol->parts->len);
 
@@ -2682,7 +2682,7 @@ out:
 static GString *
 _dm_create_striped(const LDMVolumePrivate * const vol, GError ** const err)
 {
-    static GString *name = NULL;
+    GString *name = NULL;
     struct dm_target target;
 
     target.start = 0;
@@ -2961,7 +2961,7 @@ ldm_volume_dm_create(const LDMVolume * const o, GString
**created,
         return TRUE;
     }
     dm_tree_free(tree); tree = NULL;
-    g_string_free(name, TRUE);
+    g_string_free(name, TRUE); name = NULL;
 
     switch (vol->type) {
     case LDM_VOLUME_TYPE_SIMPLE:
-- 
2.17.0