Fix: lttng-live: use-after-free in get_next_index()

Running babeltrace under valgrind with a test-cases doing per-pid
lttng tracing in live mode triggers this use-after-free in
get_next_index() when stream is hung up.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/formats/lttng-live/lttng-live-comm.c b/formats/lttng-live/lttng-live-comm.c
index 33a7802929cef8d04e0da19806615a30ce9a10b0..96817f5e170d65e02d310d0e9abc0bc224283c9f 100644 (file)
--- a/formats/lttng-live/lttng-live-comm.c
+++ b/formats/lttng-live/lttng-live-comm.c
@@ -1108,8 +1108,8 @@ retry:
                viewer_stream->in_trace = 0;
                bt_list_del(&viewer_stream->trace_stream_node);
                bt_list_del(&viewer_stream->session_stream_node);
                viewer_stream->in_trace = 0;
                bt_list_del(&viewer_stream->trace_stream_node);
                bt_list_del(&viewer_stream->session_stream_node);

-               g_free(viewer_stream);

                *stream_id = be64toh(rp->stream_id);
                *stream_id = be64toh(rp->stream_id);

+               g_free(viewer_stream);

                break;
        case LTTNG_VIEWER_INDEX_ERR:
                fprintf(stderr, "[error] get_next_index: error\n");
                break;
        case LTTNG_VIEWER_INDEX_ERR:
                fprintf(stderr, "[error] get_next_index: error\n");