Re: [PATCH] kpartx: fix segfault when operating on regular files

[Benjamin Marzinski <bmarzins@redhat.com>]

On Mon, Jan 26, 2026 at 01:13:25PM +0100, Martin Wilck wrote:
> The following problem has been introduced in multipath-tools 0.14.0:
> 
> > truncate -s1G /tmp/img
> > kpartx -a /tmp/img
> double free or corruption (out)
> Aborted                    (core dumped) kpartx -a /tmp/img
> 
> Fix it by always allocating "uuid" on the heap, rather than
> using a static char array.
> 
> Fixes: 8c39e60 ("kpartx: fix some memory leaks")
> Fixes: https://github.com/opensvc/multipath-tools/issues/139
> ---
> 
> Note: This issue also affects the pending github PRs for the
> stable branches 0.13.y, 0.12.y, 0.11.y, and 0.10.y.
> 
> A fix will be pushed to these PRs ASAP.
> 
> ---
>  kpartx/devmapper.c | 16 ++++++++--------
>  kpartx/kpartx.c    |  5 ++++-
>  2 files changed, 12 insertions(+), 9 deletions(-)
> 
> diff --git a/kpartx/devmapper.c b/kpartx/devmapper.c
> index d49c680..45dac58 100644
> --- a/kpartx/devmapper.c
> +++ b/kpartx/devmapper.c
> @@ -1,6 +1,7 @@
>  /*
>   * Copyright (c) 2004, 2005 Christophe Varoqui
>   */
> +#define _GNU_SOURCE
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> @@ -699,14 +700,13 @@ out:
>  
>  char *nondm_create_uuid(dev_t devt)
>  {
> -#define NONDM_UUID_BUFLEN (34 + sizeof(NONDM_UUID_PREFIX) + \
> -			   sizeof(NONDM_UUID_SUFFIX))
> -	static char uuid_buf[NONDM_UUID_BUFLEN];
> -	snprintf(uuid_buf, sizeof(uuid_buf), "%s_%u:%u_%s",
> -		 NONDM_UUID_PREFIX, major(devt), minor(devt),
> -		 NONDM_UUID_SUFFIX);
> -	uuid_buf[NONDM_UUID_BUFLEN-1] = '\0';
> -	return uuid_buf;
> +	char *uuid;
> +
> +	if (asprintf(&uuid, "%s_%u:%u_%s", NONDM_UUID_PREFIX, major(devt),
> +		     minor(devt), NONDM_UUID_SUFFIX) >= 0)
> +		return uuid;
> +	else
> +		return NULL;
>  }
>  
>  int nondm_parse_uuid(const char *uuid, unsigned int *major, unsigned int *minor)
> diff --git a/kpartx/kpartx.c b/kpartx/kpartx.c
> index 9bdd204..cfd8212 100644
> --- a/kpartx/kpartx.c
> +++ b/kpartx/kpartx.c
> @@ -334,8 +334,11 @@ main(int argc, char **argv){
>  	 * This allows deletion of partitions created with older kpartx
>  	 * versions which didn't use the fake UUID during creation.
>  	 */
> -	if (!uuid && !(what == DELETE && force_devmap))
> +	if (!uuid && !(what == DELETE && force_devmap)) {
>  		uuid = nondm_create_uuid(buf.st_rdev);
> +		if (!uuid)

We should probably print an error message before we exit, but
otherwise, this looks good.

-Ben

> +			exit(1);
> +	}
>  
>  	if (delim == NULL) {
>  		delim = xmalloc(DELIM_SIZE);
> -- 
> 2.52.0