bugfix: fix possible segfault during umount -a

mnt_context_get_mtab() doesn't set its return **tb argument on error,
and so in mnt_context_next_umount() mtab will remain uninitialized on
error, later resulting in cxt->mtab containing garbage, possibly
resulting in segfault on exit.

diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
index 45651b58e3b239e683a782a5aaa7520407088ee3..240ec3be69db77e097872e4102f453ed39fcf4aa 100644 (file)
--- a/libmount/src/context_umount.c
+++ b/libmount/src/context_umount.c
@@ -1003,11 +1003,12 @@ int mnt_context_next_umount(struct libmnt_context *cxt,
        rc = mnt_context_get_mtab(cxt, &mtab);
        cxt->mtab = NULL;               /* do not reset mtab */
        mnt_reset_context(cxt);
-       cxt->mtab = mtab;
 
        if (rc)
                return rc;
 
+       cxt->mtab = mtab;
+
        do {
                rc = mnt_table_next_fs(mtab, itr, fs);
                if (rc != 0)