git.ipfire.org Git - thirdparty/libcgroup.git/commitdiff
api.c: Fix handling of full cg_mount_table[]
author Tom Hromatka <tom.hromatka@oracle.com>
Thu, 9 Jun 2022 19:05:23 +0000 (13:05 -0600)
committer Tom Hromatka <tom.hromatka@oracle.com>
Thu, 9 Jun 2022 19:05:23 +0000 (13:05 -0600)
Commit 9ce90c7edd28 ("api.c: fix segfault in cgroup_populate_mount_points()")
added logic to handle the case when there are 100+ cgroup mounts and
not overflow the cg_mount_table[].  But elsewhere in the libcgroup
code, it's expected that the last entry in the cg_mount_table[] has
a null name entry.

When the cg_mount_table[] is full, make the name of the last entry
null so that loops know to exit.  Also, add a couple bail out points
in cgroup_populate_mount_points() to ensure that we don't write
beyond the end of the table.

Depending upon the order in which the tests are run, this failure can
manifest itself as follows:
$ cat tests/ftests/ftests-nocontainer.sh.log
free(): invalid pointer
./ftests-nocontainer.sh: line 18: 199390 Aborted
(core dumped) ./ftests.py -l 10 -L "$START_DIR/ftests-nocontainer.py.log" --no-container -n Libcg"$RANDOM"
FAIL ftests-nocontainer.sh (exit status: 134)

Fixes: 9ce90c7edd28 ("api.c: fix segfault in cgroup_populate_mount_points()")
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
(cherry picked from commit 50de38f821f5ea367f9a92a802a45659dc45614d)

src/api.c

index 7f67657feff918a87d12981dc25705f42be16825..db1f5a531454292ec69598ed13fb9f14ccd132fd 100644 (file)
--- a/src/api.c
+++ b/src/api.c
@@ -1273,6 +1273,11 @@ out:
        if (*mnt_tbl_idx >= CG_CONTROLLER_MAX) {
                cgroup_err("Error: Mount points exceeds CG_CONTROLLER_MAX\n");
                ret = ECGMAXVALUESEXCEEDED;
+               /*
+                * There are loops in the libcgroup codebase that expect there
+                * to be a null name entry at the end of the cg_mount_table[].
+                */
+               cg_mount_table[CG_CONTROLLER_MAX - 1].name[0] = '\0';
        }
 
        return ret;
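
Review bot: the write to cg_mount_table[CG_CONTROLLER_MAX - 1].name[0] inside the `*mnt_tbl_idx >= CG_CONTROLLER_MAX` branch turns the last slot into the terminator, so whatever mount was recorded in that slot is dropped and the table holds at most CG_CONTROLLER_MAX - 1 usable entries once this path is taken. The new comment explains why the terminator is needed but not that an entry is lost; please say so there, or size the array with one extra slot so the sentinel never overwrites data. This branch also only runs at the `out:` label, after the index has already reached the limit, so it protects readers of the table but does not itself bound the writes. The commit message mentions bail-out points in cgroup_populate_mount_points() for that, and they are not visible in this hunk, so the index bound should be reviewed there.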