deploy: Correctly use libmount unref() calls rather than free()

We saw a random ostree SEGV start popping up in our CI environment:
https://github.com/projectatomic/rpm-ostree/pull/641#issuecomment-281870424

Looking at this code more and comparing it to what util-linux does, I noticed we
had a write-after-free, since `mnt_unref_table()` will invoke
`mnt_unref_cache()` on its cache, and that function does:

```
	if (cache) {
		cache->rfcount--;
```

unconditionally.

Fix this by using `unref()`.

Closes: #705
Approved by: jlebon

diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
index cb5a46156a4118066ef4a8f4168483d87364b0ee..5a3f6d855fa9bab00a6cfba43bbf9b39ac6c7523 100644 (file)
--- a/src/libostree/ostree-sysroot-deploy.c
+++ b/src/libostree/ostree-sysroot-deploy.c
@@ -1692,8 +1692,8 @@ is_ro_mount (const char *path)
 
   fs = mnt_table_find_target(tb, path, MNT_ITER_BACKWARD);
   is_mount = fs && mnt_fs_get_target (fs);
-  mnt_free_cache (cache);
-  mnt_free_table (tb);
+  mnt_unref_cache (cache);
+  mnt_unref_table (tb);
 
   if (!is_mount)
     return FALSE;