[Libguestfs] [RFC] fuse: mount_local: Fix crash when called from Java binding

Mykola Ivanets stenavin at gmail.com
Wed May 2 09:16:32 UTC 2018


"localmountpoint" parameter is allocated in JNI before calling
mount_local and freed afterward. But guestfs handle keeps reference
to passed "localmountpoint" argument and will try to use and free it
in umount_local which leads to a crash because an attempt to access
already freed memory region.

It is not easy to fix on the JNI side because the code is auto-generated.
And I don't think it should be fixed there.
However, I doubt this patch is correct because this might lead to a memory
leak for other language bindings or in the C library.

I'd like to hear your thoughts on how we should proceed in this situation.
---
 lib/fuse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/fuse.c b/lib/fuse.c
index 9731db962..7df765b81 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -1047,7 +1047,7 @@ guestfs_impl_mount_local (guestfs_h *g, const char *localmountpoint,
 
   /* Set g->localmountpoint in the handle. */
   gl_lock_lock (mount_local_lock);
-  g->localmountpoint = localmountpoint;
+  g->localmountpoint = safe_strdup(g, localmountpoint);
   gl_lock_unlock (mount_local_lock);
 
   return 0;
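Review bot: the ownership change in this hunk is only half of the fix. Once `g->localmountpoint` is a `safe_strdup` copy, the free in umount_local that the cover letter mentions is balanced, so the memory-leak concern does not apply on the normal mount/umount path; what the hunk does not cover is the handle being closed while a mount is still active, and a second mount_local call on the same handle overwriting a copy the handle already owns. Please check that handle teardown frees `g->localmountpoint` and that the assignment is preceded by freeing any previous value (or that mount_local refuses to run while `g->localmountpoint` is set). Minor style point: `safe_strdup(g, localmountpoint)` should be `safe_strdup (g, localmountpoint)` to match the spacing used by `gl_lock_lock (mount_local_lock)` in the surrounding lines.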
-- 
2.17.0