From a9e63c7464793e41614b2509d049a671fe656768 Mon Sep 17 00:00:00 2001 From: Tom Hromatka Date: Thu, 9 Jun 2022 13:05:23 -0600 Subject: [PATCH] api.c: Fix handling of full cg_mount_table[] Commit 9ce90c7edd28 ("api.c: fix segfault in cgroup_populate_mount_points()") added logic to handle the case when there are 100+ cgroup mounts and not overflow the cg_mount_table[]. But elsewhere in the libcgroup code, it's expected that the last entry in the cg_mount_table[] has a null name entry. When the cg_mount_table[] is full, make the name of the last entry null so that loops know to exit. Also, add a couple bail out points in cgroup_populate_mount_points() to ensure that we don't write beyond the end of the table. Depending upon the order in which the tests are run, this failure can manifest itself as follows: $ cat tests/ftests/ftests-nocontainer.sh.log free(): invalid pointer ./ftests-nocontainer.sh: line 18: 199390 Aborted (core dumped) ./ftests.py -l 10 -L "$START_DIR/ftests-nocontainer.py.log" --no-container -n Libcg"$RANDOM" FAIL ftests-nocontainer.sh (exit status: 134) Fixes: 9ce90c7edd28 ("api.c: fix segfault in cgroup_populate_mount_points()") Signed-off-by: Tom Hromatka Reviewed-by: Kamalesh Babulal (cherry picked from commit 50de38f821f5ea367f9a92a802a45659dc45614d) --- src/api.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/api.c b/src/api.c index 7f67657f..db1f5a53 100644 --- a/src/api.c +++ b/src/api.c @@ -1273,6 +1273,11 @@ out: if (*mnt_tbl_idx >= CG_CONTROLLER_MAX) { cgroup_err("Error: Mount points exceeds CG_CONTROLLER_MAX\n"); ret = ECGMAXVALUESEXCEEDED; + /* + * There are loops in the libcgroup codebase that expect there + * to be a null name entry at the end of the cg_mount_table[]. + */ + cg_mount_table[CG_CONTROLLER_MAX - 1].name[0] = '\0'; } return ret; -- 2.47.2
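Review bot: The terminator written in the `out:` block, `cg_mount_table[CG_CONTROLLER_MAX - 1].name[0] = '\0';`, overwrites the name of the last populated slot rather than adding a sentinel after it, so a full table silently loses its final mount entry and only the first `CG_CONTROLLER_MAX - 1` entries stay visible to loops that stop at a null name. The new comment should say that the last entry is being sacrificed as the terminator. It is also worth confirming that nothing else held in that slot needs to be released before its name is cleared, because only `name[0]` is reset here and the rest of the entry is left as populated. Separately, the commit message says a couple of bail-out points were added to `cgroup_populate_mount_points()`, but the diffstat shows a single hunk with 5 insertions and none of those checks appear in it. Either include them in this cherry-pick or drop that sentence from the message so the log matches the change.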