From f958101d2ea55174f8cd584efe41d4cefa9578c6 Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Tue, 17 Apr 2018 09:40:20 -0400
Subject: [PATCH] bugfix: fix possible segfault during umount -a

mnt_context_get_mtab() doesn't set its return **tb argument on error, and so in mnt_context_next_umount() mtab will remain uninitialized on error, later resulting in cxt->mtab containing garbage, possibly resulting in segfault on exit.
---
 libmount/src/context_umount.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index 45651b58e..240ec3be6 100644
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -1003,11 +1003,12 @@ int mnt_context_next_umount(struct libmnt_context *cxt,
 rc = mnt_context_get_mtab(cxt, &mtab);
 cxt->mtab = NULL; /* do not reset mtab */
 mnt_reset_context(cxt);
- cxt->mtab = mtab;
 
 if (rc)
 return rc;
 
+ cxt->mtab = mtab;
+
 do {
 rc = mnt_table_next_fs(mtab, itr, fs);
 if (rc != 0)
-- 
2.16.3
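Review bot: The local `mtab` is still indeterminate when mnt_context_get_mtab() fails; the hunk only moves `cxt->mtab = mtab;` below the `if (rc) return rc;` check, so safety now depends on nothing reading `mtab` on the error path. Initialising it where it is declared, `struct libmnt_table *mtab = NULL;`, would stop a later reordering from putting a wild pointer back into `cxt->mtab`; that declaration is above the hunk and not visible here. Separately, `cxt->mtab = NULL;` still runs before mnt_reset_context() on the failure path, so if mnt_context_get_mtab() can fail after it has stored a table in the context (not visible in this patch), the reset would no longer release that table, which is worth confirming. A short comment above the moved assignment, such as `/* mtab is valid only when rc == 0 */`, would document why the order matters.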