Fix: error path if heap_init fails
authorJulien Desfossez <jdesfossez@efficios.com>
Thu, 2 Aug 2012 22:24:43 +0000 (18:24 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 2 Aug 2012 22:24:43 +0000 (18:24 -0400)
Avoid a possible double-free if heap_init fails in bt_iter_set_pos.

[ Note by Mathieu Desnoyers: the current implementation of heap_init
  ensures that ptrs is set to NULL when it fails, so there is currently
  no double-free situation. But let's not rely on this implementation
  detail that might change in the future. ]

Signed-off-by: Julien Desfossez <jdesfossez@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
lib/iterator.c

index 9faf4e9412a9f7becebf4834065ce735f12f7098..c6ee4c9c0dba3ebf53883a8ad4a7c7c53c1a2ada 100644 (file)
@@ -199,7 +199,7 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
                heap_free(iter->stream_heap);
                ret = heap_init(iter->stream_heap, 0, stream_compare);
                if (ret < 0)
-                       goto error;
+                       goto error_heap_init;
 
                for (i = 0; i < iter_pos->u.restore->stream_saved_pos->len;
                                i++) {
@@ -248,7 +248,7 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
                heap_free(iter->stream_heap);
                ret = heap_init(iter->stream_heap, 0, stream_compare);
                if (ret < 0)
-                       goto error;
+                       goto error_heap_init;
 
                /* for each trace in the trace_collection */
                for (i = 0; i < tc->array->len; i++) {
@@ -279,7 +279,7 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
                heap_free(iter->stream_heap);
                ret = heap_init(iter->stream_heap, 0, stream_compare);
                if (ret < 0)
-                       goto error;
+                       goto error_heap_init;
 
                for (i = 0; i < tc->array->len; i++) {
                        struct ctf_trace *tin;
@@ -331,12 +331,14 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
 
 error:
        heap_free(iter->stream_heap);
+error_heap_init:
        if (heap_init(iter->stream_heap, 0, stream_compare) < 0) {
                heap_free(iter->stream_heap);
                g_free(iter->stream_heap);
                iter->stream_heap = NULL;
                ret = -ENOMEM;
        }
+
        return ret;
 }
 
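Review bot: In the fallback branch under `error_heap_init:`, `heap_free(iter->stream_heap)` still runs immediately after a failed `heap_init`, which is the same free-after-failed-init pattern this commit removes from the three call sites earlier in the function. It stays safe only while a failed heap_init leaves ptrs NULL, the implementation detail the commit message says should not be relied on. Dropping that call, so the branch reads `g_free(iter->stream_heap); iter->stream_heap = NULL; ret = -ENOMEM;`, removes the dependency. The branch also returns with `iter->stream_heap` set to NULL, so a comment such as `/* on -ENOMEM the iterator is left without a stream heap and must not be reused */` would help; whether later iterator calls check for NULL is not visible here. bt_iter_set_pos begins outside this hunk.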
@@ -525,6 +527,7 @@ error:
        heap_free(iter->stream_heap);
 error_heap_init:
        g_free(iter->stream_heap);
+       iter->stream_heap = NULL;
 error_ctx:
        return ret;
 }