libmount: avoid infinite loop in child fs iteration

In early userspace, the rootfs is mounted with itself as its parent.
Example /proc/self/mountinfo:

1 1 0:1 / / rw - rootfs rootfs rw
14 1 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
15 1 0:13 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sys rw
16 1 0:5 / /dev rw,nosuid,relatime - devtmpfs dev rw,size=506956k
17 1 0:14 / /run rw,nosuid,nodev,relatime - tmpfs run rw,mode=755

This causes an infinite loop in mnt_table_next_child_fs, and is
evidenced by a crash via infinite recursion in findmnt. Simply catch the
condition where the ID of the parent is the ID of the current fs we're
examining and skip over it to the next mount in the table.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>

diff --git a/libmount/src/tab.c b/libmount/src/tab.c
index 9992c9cf17f80501a90825507998e177f7dc9758..54d58c88015cb5b39aed88623935c999f40df551 100644 (file)
--- a/libmount/src/tab.c
+++ b/libmount/src/tab.c
@@ -286,6 +286,11 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
 
                id = mnt_fs_get_id(fs);
 
+               /* avoid infinite loop. This only happens in rare cases
+                * such as in early userspace when the rootfs is its own parent */
+               if (id == parent_id)
+                       continue;
+
                if ((!lastchld_id || id > lastchld_id) &&
                    (!*chld || id < chld_id)) {
                        *chld = fs;