Fix: sink.ctf.fs: possible use-after-free

Issue
=====
We might use of `trace` pointer after freeing it in the error path.

Solution
========
Move the `fclose()` call (and surroundings) before the `end` label as
the `fh` pointer is only initialized after the only possible `goto end`.

Reported-by: scan-build - Use of memory after it is freed
Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Change-Id: I8f346b45a76ce976019931f9c63c20dd18a88d86
Reviewed-on: https://review.lttng.org/c/babeltrace/+/1968
Tested-by: jenkins <jenkins@lttng.org>
Reviewed-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Reviewed-by: Simon Marchi <simon.marchi@efficios.com>

diff --git a/src/plugins/ctf/fs-sink/fs-sink-trace.c b/src/plugins/ctf/fs-sink/fs-sink-trace.c
index 3d647d2d769e858cdff2b47b839a6582b5985071..1b0bf390dd516a9c79f89bc21b9b17f0e5e31468 100644 (file)
--- a/src/plugins/ctf/fs-sink/fs-sink-trace.c
+++ b/src/plugins/ctf/fs-sink/fs-sink-trace.c
@@ -528,14 +528,6 @@ void fs_sink_trace_destroy(struct fs_sink_trace *trace)
                trace->path = NULL;
        }
 
-       g_string_free(trace->metadata_path, TRUE);
-       trace->metadata_path = NULL;
-
-       fs_sink_ctf_trace_destroy(trace->trace);
-       trace->trace = NULL;
-       g_free(trace);
-
-end:
        if (fh) {
                int ret = fclose(fh);
 
@@ -546,10 +538,18 @@ end:
                }
        }
 
+       g_string_free(trace->metadata_path, TRUE);
+       trace->metadata_path = NULL;
+
+       fs_sink_ctf_trace_destroy(trace->trace);
+       trace->trace = NULL;
+       g_free(trace);
+
        if (tsdl) {
                g_string_free(tsdl, TRUE);
        }
 
+end:
        return;
 }