This is on the verge of being out of scope for Mender, but as we do allocate two partitions for the root filesystems, there are some possibilities to support a roll-back in case of a failure even if there is no update in progress.
Today there are no guarantees that the inactive partition is valid or functional, as you might have "old interrupted deployments" on there. One possibility here is to try to make sure that it is valid, meaning that in a roll-back scenario you would recover the inactive partition to something functional, which makes you tolerant to corruption on the active partition, at least to some degree.
NOTE! This has some security implications as well and opens up an attack vector: if I can corrupt your active system, I might be able to force a roll-back to something that is known to have security vulnerabilities that I can exploit.
This might be a good fit for the rootfs-v2 update module.
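As an added illustration of the two checks raised in the comment above (this is example code, not Mender's own implementation or part of the rootfs-v2 update module), the script below gates a roll-back to the inactive root filesystem on an integrity check of that partition and on an anti-rollback minimum version, so that corrupting the active system alone is not enough to force the device onto an older, known-vulnerable image. The manifest format (`version=`/`sha256=` lines), the `min_version` file and all paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Mender's own code): decide whether a roll-back to the
# inactive root filesystem should be permitted before switching to it.
#   1. integrity     - the partition image matches the SHA-256 recorded in a
#                      manifest shipped with it (hypothetical file layout);
#   2. anti-rollback - the image version is not older than a device-local
#                      minimum, so a corrupted active system cannot be used to
#                      force a roll-back to a known-vulnerable release.
# The manifest format, the min_version file and the paths are assumptions for
# this example; a real deployment would keep the manifest signed and the
# minimum version in tamper-resistant storage.

manifest_value() {            # manifest_value <manifest> <key>
    sed -n "s/^$2=//p" "$1" | head -n 1
}

rollback_allowed() {          # rollback_allowed <image> <manifest> <min_version_file>
    img=$1; manifest=$2; minfile=$3

    [ -r "$img" ] && [ -r "$manifest" ] && [ -r "$minfile" ] || {
        echo "rollback denied: missing image, manifest or min_version" >&2
        return 1
    }

    # Integrity: the inactive image must match the hash recorded for it.
    expected=$(manifest_value "$manifest" sha256)
    actual=$(sha256sum "$img" | cut -d' ' -f1)
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "rollback denied: inactive image fails integrity check" >&2
        return 1
    fi

    # Anti-rollback: refuse anything older than the device-local minimum.
    version=$(manifest_value "$manifest" version)
    min=$(cat "$minfile")
    for n in "$version" "$min"; do
        case "$n" in
            ""|*[!0-9]*) echo "rollback denied: malformed version field" >&2; return 1;;
        esac
    done
    if [ "$version" -lt "$min" ]; then
        echo "rollback denied: version $version is below minimum $min" >&2
        return 1
    fi

    echo "rollback allowed: version $version, integrity verified"
    return 0
}

# Constructed demo data: a fake rootfs "image" plus manifests for the good
# case, a too-old release and a corrupted image.
setup_demo() {                # setup_demo <dir>
    d=$1
    printf 'fake rootfs contents\n' > "$d/good.img"
    sum=$(sha256sum "$d/good.img" | cut -d' ' -f1)
    printf 'version=7\nsha256=%s\n' "$sum" > "$d/good.manifest"
    printf 'version=3\nsha256=%s\n' "$sum" > "$d/old.manifest"
    printf 'fake rootfs contents CORRUPTED\n' > "$d/corrupt.img"
    echo 5 > "$d/min_version"
}

if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    setup_demo "$dir"
    rollback_allowed "$dir/good.img"    "$dir/good.manifest" "$dir/min_version"
    rollback_allowed "$dir/good.img"    "$dir/old.manifest"  "$dir/min_version" || true
    rollback_allowed "$dir/corrupt.img" "$dir/good.manifest" "$dir/min_version" || true
    rm -rf "$dir"
fi
```

Run it as `sh rollback_gate.sh demo` to see the three outcomes. The point of the second check is the attack vector described in the comment: integrity alone would happily accept an intact but vulnerable old image, so the minimum version has to be raised as part of every successful update and stored somewhere the active root filesystem cannot simply overwrite.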