From 780f79420073e0c09cd41afea28ac217a6d4ef29 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Fri, 26 Jun 2020 12:59:32 +0200
Subject: [PATCH 49/55] libmount: (parser) fix memory leak on error before
 end-of-file

Let's simplify the loop where we add FS to the table. The optimization
for recoverable errors is a fragile overkill. The new code always
allocates and unrefs FS for each loop.

Addresses: https://github.com/karelzak/util-linux/pull/1068
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1900498
Upstream: http://github.com/karelzak/util-linux/commit/fe0d12d4f82269096f8d0cffc51ca9590814c284
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 libmount/src/fs.c        |  2 +-
 libmount/src/tab_parse.c | 49 ++++++++++++++++++++++------------------
 2 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/libmount/src/fs.c b/libmount/src/fs.c
index def32253c..aae4961c3 100644
--- a/libmount/src/fs.c
+++ b/libmount/src/fs.c
@@ -34,7 +34,7 @@ struct libmnt_fs *mnt_new_fs(void)
 
 	fs->refcount = 1;
 	INIT_LIST_HEAD(&fs->ents);
-	/*DBG(FS, ul_debugobj(fs, "alloc"));*/
+	DBG(FS, ul_debugobj(fs, "alloc"));
 	return fs;
 }
 
diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
index 10fc68279..719c1abca 100644
--- a/libmount/src/tab_parse.c
+++ b/libmount/src/tab_parse.c
@@ -608,7 +608,6 @@ static int __table_parse_stream(struct libmnt_table *tb, FILE *f, const char *fi
 	int rc = -1;
 	int flags = 0;
 	pid_t tid = -1;
-	struct libmnt_fs *fs = NULL;
 	struct libmnt_parser pa = { .line = 0 };
 
 	assert(tb);
@@ -628,19 +627,25 @@ static int __table_parse_stream(struct libmnt_table *tb, FILE *f, const char *fi
 	if (filename && strcmp(filename, _PATH_PROC_MOUNTS) == 0)
 		flags = MNT_FS_KERNEL;
 
-	while (!feof(f)) {
-		if (!fs) {
-			fs = mnt_new_fs();
-			if (!fs)
-				goto err;
+	do {
+		struct libmnt_fs *fs;
+
+		if (feof(f)) {
+			DBG(TAB, ul_debugobj(tb, "end-of-file"));
+			break;
 		}
+		fs = mnt_new_fs();
+		if (!fs)
+			goto err;
 
+		/* parse */
 		rc = mnt_table_parse_next(&pa, tb, fs);
 
-		if (!rc && tb->fltrcb && tb->fltrcb(fs, tb->fltrcb_data))
-			rc = 1;	/* filtered out by callback... */
+		if (rc != 0 && tb->fltrcb && tb->fltrcb(fs, tb->fltrcb_data))
+			rc = 1;	/* error filtered out by callback... */
 
-		if (!rc) {
+		/* add to the table */
+		if (rc == 0) {
 			rc = mnt_table_add_fs(tb, fs);
 			fs->flags |= flags;
 
@@ -651,21 +656,21 @@ static int __table_parse_stream(struct libmnt_table *tb, FILE *f, const char *fi
 			}
 		}
 
-		if (rc) {
-			if (rc > 0) {
-				mnt_reset_fs(fs);
-				assert(fs->refcount == 1);
-				continue;	/* recoverable error, reuse fs*/
-			}
+		/* remove refernece (or deallocate on error) */
+		mnt_unref_fs(fs);
 
-			mnt_unref_fs(fs);
-			if (feof(f))
-				break;
-			goto err;		/* fatal error */
+		/* recoverable error */
+		if (rc > 0) {
+			DBG(TAB, ul_debugobj(tb, "recoverable error (continue)"));
+			continue;
 		}
-		mnt_unref_fs(fs);
-		fs = NULL;
-	}
+
+		/* fatal errors */
+		if (rc < 0 && !feof(f)) {
+			DBG(TAB, ul_debugobj(tb, "fatal error"));
+			goto err;
+		}
+	} while (1);
 
 	DBG(TAB, ul_debugobj(tb, "%s: stop parsing (%d entries)",
 				filename, mnt_table_get_nents(tb)));
-- 
2.29.2