GNOME Bugzilla – Bug 685248
[PATCH] Crash in fuse unmount
Last modified: 2012-10-02 14:18:35 UTC
Hello! This is downstream bug https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1053561

To reproduce:
1) Mount an ISO image
2) Unmount it

You'll get a crash like https://launchpadlibrarian.net/116735589/Stacktrace.txt

Looking at the code, I believe I understand what's happening. gdaemonmount.c puts mount_info->stable_name into the "g-stable-name" data field on a mount object. It does not strdup it, but that's fine because it does add a ref on the mount_info itself.

The problem comes when gvfsfusedaemon.c creates new MountRecords. In mount_record_new, it saves a pointer to "g-stable-name", again without strdup'ing it. This is a bit dangerous, because it doesn't save a ref to the mount or anything. And it becomes suicidal when, during mount_record_free, it tries to g_free that string. This will cause a crash way back in g_mount_info_unref when the GMountInfo object is finally freed, because stable_name is already gone.

Patch coming that will add a g_strdup to mount_record_new.
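The ownership mistake described in the report, as an added example that is not gvfs code and does not reproduce the real gdaemonmount.c / gvfsfusedaemon.c structures: a refcounted MountInfo owns its stable_name; a MountRecord that stores a borrowed pointer to that string, holds no ref on the mount, and then frees the string on teardown leaves the MountInfo to free it a second time when its last ref drops. The names MountInfo, MountRecord, mount_record_new_buggy, mount_record_new_fixed, tracked_free and run_scenario are hypothetical stand-ins for GMountInfo, MountRecord, g_free and the mount/unmount sequence; the tiny live-pointer tracker replaces the allocator so the double free is counted rather than crashing the process.

```c
/* Added example, not code from gvfs. Models the report's ownership bug:
 * a MountRecord keeps a borrowed pointer to MountInfo->stable_name and
 * frees it, so the MountInfo's own free of the same string later becomes
 * a double free. A small live-pointer tracker stands in for the allocator
 * so the fault is detected and counted instead of corrupting the heap. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 64
static void *live[MAX_LIVE];   /* pointers currently owned by someone */
static int double_frees;       /* frees of pointers that were not live */

static char *tracked_strdup(const char *s) {
    char *p = strdup(s);
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    abort();                   /* tracker full; never hit in this example */
}

/* Returns 1 for a valid free, 0 for a double free (recorded, not fatal). */
static int tracked_free(void *p) {
    if (!p) return 1;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 1; }
    double_frees++;
    return 0;
}

typedef struct { int refcount; char *stable_name; } MountInfo;  /* hypothetical GMountInfo */
typedef struct { char *name; } MountRecord;                      /* hypothetical fuse MountRecord */

static MountInfo *mount_info_new(const char *name) {
    MountInfo *m = calloc(1, sizeof *m);
    m->refcount = 1;
    m->stable_name = tracked_strdup(name);   /* MountInfo owns this string */
    return m;
}
static MountInfo *mount_info_ref(MountInfo *m) { m->refcount++; return m; }
static void mount_info_unref(MountInfo *m) {
    if (--m->refcount == 0) { tracked_free(m->stable_name); free(m); }
}

/* Buggy variant, as in the report: borrow the pointer, hold no ref on the
 * mount, and still free the string in mount_record_free. */
static MountRecord *mount_record_new_buggy(MountInfo *m) {
    MountRecord *r = calloc(1, sizeof *r);
    r->name = m->stable_name;
    return r;
}
/* Fixed variant, as in the patch: take our own copy so freeing it is ours. */
static MountRecord *mount_record_new_fixed(MountInfo *m) {
    MountRecord *r = calloc(1, sizeof *r);
    r->name = tracked_strdup(m->stable_name);
    return r;
}
static void mount_record_free(MountRecord *r) { tracked_free(r->name); free(r); }

/* Mount, create the fuse record, unmount (record freed first), then drop the
 * last ref on the mount info. Returns the number of double frees observed. */
static int run_scenario(int fixed) {
    double_frees = 0;
    MountInfo *m = mount_info_new("cdrom.iso");           /* constructed sample */
    MountInfo *held = mount_info_ref(m);                   /* "g-stable-name" holder's ref */
    MountRecord *r = fixed ? mount_record_new_fixed(m) : mount_record_new_buggy(m);
    mount_record_free(r);                                  /* unmount */
    mount_info_unref(held);
    mount_info_unref(m);                                   /* last ref frees stable_name */
    return double_frees;
}

int main(void) {
    printf("buggy record: %d double free(s)\n", run_scenario(0));
    printf("fixed record: %d double free(s)\n", run_scenario(1));
    return 0;
}
```

The buggy path frees the string once from mount_record_free and again from mount_info_unref; the fixed path gives each owner its own allocation, which is exactly the g_strdup the patch adds. In a real process the second free lands in the allocator with no such tracker, which is why the report sees the crash far from the fuse code, inside g_mount_info_unref.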
Created attachment 225535: Proposed patch
Review of attachment 225535:

I was looking at this yesterday and was getting consistent crashes in completely unrelated code that didn't indicate the real issue. Tried your patch, seems to fix the issue. Good work, thanks for spotting this! Please commit to master and also the gnome-3-6 stable branch.
master: commit 867cd04972606757549c64f8407edbbbe49d9555
Author: Michael Terry <michael.terry@canonical.com>
Date: Mon Oct 1 16:56:44 2012 -0400

    fuse: don't crash on unmount
    https://bugzilla.gnome.org/show_bug.cgi?id=685248

gnome-3.6: commit 46b18b554e9fba90998ae1ebf4196233953f78ad
Author: Michael Terry <michael.terry@canonical.com>
Date: Mon Oct 1 16:56:44 2012 -0400

    fuse: don't crash on unmount
    https://bugzilla.gnome.org/show_bug.cgi?id=685248