nspawn: fix memleak uncovered by fuzzer

This is almost the same as 0e636bf51a. I looked through the code,
and I don't see any more instances of this pattern, so hopefully this
will be the last one.

https://oss-fuzz.com/issue/5660094128193536/13691.

diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 13f50b2d37b9cca7f020b2fc4de5e4cdb4a0f8a3..dceacf61ae6144afd37e7f166c593bb453e58444 100644 (file)
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -304,7 +304,7 @@ int overlay_mount_parse(CustomMount **l, size_t *n, const char *s, bool read_onl
                 /* If the upper directory is unspecified, then let's create it automatically as a throw-away directory
                  * in /var/tmp */
                 if (isempty(upper))
-                        upper = NULL;
+                        upper = mfree(upper);
                 else if (!source_path_is_valid(upper))
                         return -EINVAL;
 

diff --git a/test/fuzz/fuzz-nspawn-settings/oss-fuzz-13691 b/test/fuzz/fuzz-nspawn-settings/oss-fuzz-13691
new file mode 100644 (file)
index 0000000..51f46e3
--- /dev/null
+++ b/test/fuzz/fuzz-nspawn-settings/oss-fuzz-13691
@@ -0,0 +1,2 @@
+[Files]
+Overlay=/::
\ No newline at end of file