With -a, the jump to mount_it_now can skip the initialization of f, and

if we don't zero it after closing it we re-close a filehandle that isn't open, and since this is a file _pointer_ it segfaults on a double free. Yeah, subtle bug. I need to break this out into separate functions if I can figure out how to avoid making the code larger while doing so. Part of the general -a and -o remount work I need to do, but that's after 1.1.0...
2006-01-10 05:30:28 +00:00 · 2006-01-10 05:30:28 +00:00 · 71d6ccd801
commit 71d6ccd801
parent 8b0efdb1a1
1 changed files with 5 additions and 2 deletions
--- a/util-linux/mount.c
+++ b/util-linux/mount.c
@ -327,8 +327,11 @@ mount_it_now:
 				}
 				if(!rc || !f) break;
 			}
-			if(f) fclose(f);
-			if(!f || !rc) break;
+			if(!f) break;
+			fclose(f);
+			// goto mount_it_now with -a can jump past the initialization
+			f=0;
+			if(!rc) break;
 		}

 		/* If the mount was successful, and we're maintaining an old-style