Bug 685248 - [PATCH] Crash in fuse unmount
Status: RESOLVED FIXED
Product: gvfs
Classification: Core
Component: fuse
Version: 1.14.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: gvfs-maint
QA Contact: gvfs-maint
Depends on:
Blocks:
Reported: 2012-10-01 20:56 UTC by Michael Terry
Modified: 2012-10-02 14:18 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Proposed patch (901 bytes, patch)
2012-10-01 20:57 UTC, Michael Terry
accepted-commit_now

Description Michael Terry 2012-10-01 20:56:18 UTC
Hello!  This is downstream bug https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1053561

To reproduce:
1) Mount an ISO image
2) Unmount it

You'll get a crash like https://launchpadlibrarian.net/116735589/Stacktrace.txt

Looking at the code, I believe I understand what's happening.

gdaemonmount.c puts mount_info->stable_name into the "g-stable-name" data field on a mount object.  It does not strdup it, but that's fine because it does add a ref on the mount_info itself.

The problem comes when gvfsfusedaemon.c creates new MountRecords.  In mount_record_new, it saves a pointer to "g-stable-name", again without strdup'ing it.  This is a bit dangerous, because it doesn't save a ref to the mount or anything.  And it becomes suicidal when during mount_record_free, it tries to g_free that string.

This will cause a crash way back in g_mount_info_unref when the GMountInfo object is finally free'd because stable_name is already gone.

Patch coming that will add a g_strdup to mount_record_new.
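
The ownership rule behind the fix described in the report above, as an added example that is not part of the original bug report or the gvfs source. It is plain C with hypothetical stand-ins (MountInfo, MountRecord, strdup/free in place of g_strdup/g_free) and a constructed mount name.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for GMountInfo and the fuse daemon's MountRecord;
 * strdup/free stand in for g_strdup/g_free. Allocation checks omitted. */
typedef struct { int ref_count; char *stable_name; } MountInfo; /* owns stable_name */
typedef struct { char *name; } MountRecord;                     /* frees name itself */

static int live_strings; /* heap strings currently allocated by this demo */
static char *dup_counted(const char *s) { live_strings++; return strdup(s); }
static void free_counted(char *s) { if (s) { live_strings--; free(s); } }

MountInfo *mount_info_new(const char *name) {
    MountInfo *info = malloc(sizeof *info);
    info->ref_count = 1;
    info->stable_name = dup_counted(name);
    return info;
}

void mount_info_unref(MountInfo *info) {
    if (--info->ref_count == 0) {
        free_counted(info->stable_name); /* second free here if a record freed it first */
        free(info);
    }
}

/* Buggy shape: rec->name = info->stable_name;  (borrowed, yet freed by the record)
 * Fixed shape: copy, so the record and the info each free their own allocation. */
MountRecord *mount_record_new(const MountInfo *info) {
    MountRecord *rec = malloc(sizeof *rec);
    rec->name = dup_counted(info->stable_name);
    return rec;
}

void mount_record_free(MountRecord *rec) { free_counted(rec->name); free(rec); }

/* Mount then unmount: returns 0 if the info's string outlived the record and nothing leaked. */
int mount_unmount_cycle(void) {
    MountInfo *info = mount_info_new("constructed-iso-mount");
    MountRecord *rec = mount_record_new(info);
    int distinct = rec->name != info->stable_name;
    mount_record_free(rec);
    int intact = strcmp(info->stable_name, "constructed-iso-mount") == 0;
    mount_info_unref(info);
    return (distinct && intact && live_strings == 0) ? 0 : 1;
}

int main(void) { return mount_unmount_cycle(); }
```

Building the buggy shape with `-fsanitize=address` reports the second free at `mount_info_unref`, the same place the report says the crash shows up.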
Comment 1 Michael Terry 2012-10-01 20:57:24 UTC
Created attachment 225535
Proposed patch
Comment 2 Tomas Bzatek 2012-10-02 12:23:42 UTC
Review of attachment 225535:

I was looking at this yesterday, was getting consistent crashes in completely unrelated code that didn't indicate the real issue.

Tried your patch, seems to fix the issue. Good work, thanks for spotting this!

Please commit to master and also gnome-3-6 stable branch.
Comment 3 Michael Terry 2012-10-02 14:18:35 UTC
master:

commit 867cd04972606757549c64f8407edbbbe49d9555
Author: Michael Terry <michael.terry@canonical.com>
Date:   Mon Oct 1 16:56:44 2012 -0400

    fuse: don't crash on unmount
    
    https://bugzilla.gnome.org/show_bug.cgi?id=685248

gnome-3.6:

commit 46b18b554e9fba90998ae1ebf4196233953f78ad
Author: Michael Terry <michael.terry@canonical.com>
Date:   Mon Oct 1 16:56:44 2012 -0400

    fuse: don't crash on unmount
    
    https://bugzilla.gnome.org/show_bug.cgi?id=685248