From: Tom Hromatka Date: Thu, 9 Jun 2022 19:05:23 +0000 (-0600) Subject: api.c: Fix handling of full cg_mount_table[] X-Git-Tag: v2.0.3~45 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9e63c7464793e41614b2509d049a671fe656768;p=thirdparty%2Flibcgroup.git api.c: Fix handling of full cg_mount_table[] Commit 9ce90c7edd28 ("api.c: fix segfault in cgroup_populate_mount_points()") added logic to handle the case when there are 100+ cgroup mounts and not overflow the cg_mount_table[]. But elsewhere in the libcgroup code, it's expected that the last entry in the cg_mount_table[] has a null name entry. When the cg_mount_table[] is full, make the name of the last entry null so that loops know to exit. Also, add a couple bail out points in cgroup_populate_mount_points() to ensure that we don't write beyond the end of the table. Depending upon the order in which the tests are run, this failure can manifest itself as follows: $ cat tests/ftests/ftests-nocontainer.sh.log free(): invalid pointer ./ftests-nocontainer.sh: line 18: 199390 Aborted (core dumped) ./ftests.py -l 10 -L "$START_DIR/ftests-nocontainer.py.log" --no-container -n Libcg"$RANDOM" FAIL ftests-nocontainer.sh (exit status: 134) Fixes: 9ce90c7edd28 ("api.c: fix segfault in cgroup_populate_mount_points()") Signed-off-by: Tom Hromatka Reviewed-by: Kamalesh Babulal (cherry picked from commit 50de38f821f5ea367f9a92a802a45659dc45614d) --- diff --git a/src/api.c b/src/api.c index 7f67657f..db1f5a53 100644 --- a/src/api.c +++ b/src/api.c @@ -1273,6 +1273,11 @@ out: if (*mnt_tbl_idx >= CG_CONTROLLER_MAX) { cgroup_err("Error: Mount points exceeds CG_CONTROLLER_MAX\n"); ret = ECGMAXVALUESEXCEEDED; + /* + * There are loops in the libcgroup codebase that expect there + * to be a null name entry at the end of the cg_mount_table[]. + */ + cg_mount_table[CG_CONTROLLER_MAX - 1].name[0] = '\0'; } return ret;