Fix: use of file pointer after fclose()

See fclose(3). Further access to out_fp after both success and error,
even through another bt_close_memstream(), results in undefined
behavior. Nullify out_fp to ensure we don't fclose it twice on error.

Found by Coverity:

CID 1376182 (#1 of 1): Use after close (USE_AFTER_FREE).
use_closed_file: Calling bt_close_memstream uses file handle out_fp
after closing it.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/plugins/ctf/common/metadata/decoder.c b/plugins/ctf/common/metadata/decoder.c
index cba4756c07d9ce34ccd85535006be8cd08d19be5..559820b350e953e9e077d6539a842f4910674f4b 100644 (file)
--- a/plugins/ctf/common/metadata/decoder.c
+++ b/plugins/ctf/common/metadata/decoder.c
@@ -291,6 +291,13 @@ int ctf_metadata_decoder_packetized_file_stream_to_buf_with_mdec(
 
        /* Close stream, which also flushes the buffer */
        ret = bt_close_memstream(buf, &size, out_fp);
+       /*
+        * See fclose(3). Further access to out_fp after both success
+        * and error, even through another bt_close_memstream(), results
+        * in undefined behavior. Nullify out_fp to ensure we don't
+        * fclose it twice on error.
+        */
+       out_fp = NULL;
        if (ret < 0) {
                BT_LOGE("Cannot close memory stream: %s: mdec-addr=%p",
                        strerror(errno), mdec);