[PATCH] erofs-utils: mount: fix unhandled realloc failure in flag parsing

[Ajay Rajera]

erofsmount_parse_flagopts() correctly returns -ENOMEM when realloc()
fails while extending the mount options string. However, the caller
erofsmount_parse_options() directly assigns the return value to
mountcfg.flags without checking for negative error codes.

On realloc() failure, mountcfg.flags is set to -ENOMEM (-12), which
in two's complement silently activates nearly every mount flag bit
(MS_NOSUID, MS_NODEV, MS_NOEXEC, etc.). Instead of aborting with a
clear error, the program continues with a corrupted flags bitmask,
leading to unexpected mount behavior.

Fix by capturing the return value in a local variable first and
propagating the error to the caller before modifying mountcfg.flags.

Signed-off-by: Ajay Rajera <newajay.11r at gmail.com>
---
 mount/main.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/mount/main.c b/mount/main.c
index 5fdda81..449b35b 100644
--- a/mount/main.c
+++ b/mount/main.c
@@ -303,12 +303,17 @@ static int erofsmount_parse_options(int argc, char **argv)
 			}
 			cfg.c_dbg_lvl = i;
 			break;
-		case 'o':
+		case 'o': {
+			long flags;
+
 			mountcfg.full_options = optarg;
-			mountcfg.flags =
-				erofsmount_parse_flagopts(optarg, mountcfg.flags,
+			flags = erofsmount_parse_flagopts(optarg, mountcfg.flags,
 							  &mountcfg.options);
+			if (flags < 0)
+				return flags;
+			mountcfg.flags = flags;
 			break;
+		}
 		case 't':
 			dot = strchr(optarg, '.');
 			if (dot) {
-- 
2.51.0.windows.1