Fix: sink.ctf.fs: possible uses after free because of unchecked return values
authorFrancis Deslauriers <francis.deslauriers@efficios.com>
Thu, 9 May 2019 16:02:57 +0000 (12:02 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 14 May 2019 19:06:34 +0000 (15:06 -0400)
Uses after free are possible because we ignore the return value of the
`bt_ctfser_write_*()` function calls. To avoid this, check the return
values and log an error message.

  CID 1401217 (#4 of 4): Use after free (USE_AFTER_FREE)
  11. deref_arg: Calling bt_ctfser_write_byte_aligned_unsigned_int
  dereferences freed pointer stream->ctfser.base_mma

  CID 1401193 (#2 of 2): Unchecked return value (CHECKED_RETURN)
  8. check_return: Calling bt_ctfser_write_byte_aligned_unsigned_int
  without checking return value (as is done elsewhere 8 out of 10
  times).

Reported-by: Coverity (1401217) Use after free
Reported-by: Coverity (1401193) Unchecked return value
Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Change-Id: I7581c0e549d7bf916f42afe306976baa9822897a
Reviewed-on: https://review.lttng.org/c/babeltrace/+/1286
Tested-by: jenkins
Reviewed-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
plugins/ctf/fs-sink/fs-sink-stream.c

index 6e926def2241f9e459bb34146077502c60ef2c81..c11305b722a7029d6c9cfb3b1cd9bc941655aad9 100644 (file)
@@ -548,22 +548,46 @@ int fs_sink_stream_open_packet(struct fs_sink_stream *stream,
        }
 
        /* Packet header: magic */
-       bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
+       ret = bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
                UINT64_C(0xc1fc1fc1), 8, 32, BYTE_ORDER);
+       if (ret) {
+               BT_LOGE("Error writing packet header magic: stream-file-name=%s",
+                       stream->file_name->str);
+               goto end;
+       }
 
        /* Packet header: UUID */
        for (i = 0; i < BABELTRACE_UUID_LEN; i++) {
-               bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
+               ret = bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
                        (uint64_t) stream->sc->tc->uuid[i], 8, 8, BYTE_ORDER);
+               if (ret) {
+                       BT_LOGE("Error writing packet header UUID: stream-file-name=%s",
+                               stream->file_name->str);
+                       goto end;
+               }
        }
 
        /* Packet header: stream class ID */
-       bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
+       ret = bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
                bt_stream_class_get_id(stream->sc->ir_sc), 8, 64, BYTE_ORDER);
+       if (ret) {
+               BT_LOGE("Error writing packet header stream class id: "
+                       "stream-file-name=%s, stream-class-id=%"PRIu64,
+                       stream->file_name->str,
+                       bt_stream_class_get_id(stream->sc->ir_sc));
+               goto end;
+       }
 
        /* Packet header: stream ID */
-       bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
+       ret = bt_ctfser_write_byte_aligned_unsigned_int(&stream->ctfser,
                bt_stream_get_id(stream->ir_stream), 8, 64, BYTE_ORDER);
+       if (ret) {
+               BT_LOGE("Error writing packet header stream id: "
+                       "stream-file-name=%s, stream-id=%"PRIu64,
+                       stream->file_name->str,
+                       bt_stream_get_id(stream->ir_stream));
+               goto end;
+       }
 
        /* Save packet context's offset to rewrite it later */
        stream->packet_state.context_offset_bits =
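Review bot: The four new `if (ret) { ... goto end; }` checks stop this function from issuing the next write, but they leave `stream->ctfser` in whatever state the failed call produced, which per the Coverity trace in the commit message can include a freed `base_mma`. The `end:` label and the callers are outside this hunk, so it cannot be told from here whether anything touches the serializer again; it is worth confirming that a non-zero return from `fs_sink_stream_open_packet()` makes the caller abandon the stream rather than retry or close a packet on it. A comment at the first check would record that contract, e.g. `/* On failure the serializer must not be written to again: its mapping may already be released (CID 1401217). */`. The log lines would also be easier to triage with the error code included, e.g. `"Error writing packet header magic: stream-file-name=%s, ret=%d"`, assuming `ret` is an `int` as the function's return type suggests.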