From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Wed, 26 Jul 2017 15:50:52 +0000 (-0400)
Subject: Fix: use of file pointer after fclose()
X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=commitdiff_plain;h=47eba00af0f5633717f8139041e2ec257ec39da1

Fix: use of file pointer after fclose()

See fclose(3). Further access to out_fp after both success and error,
even through another bt_close_memstream(), results in undefined
behavior. Nullify out_fp to ensure we don't fclose it twice on error.

Found by Coverity:

CID 1376182 (#1 of 1): Use after close (USE_AFTER_FREE).
use_closed_file: Calling bt_close_memstream uses file handle out_fp
after closing it.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/plugins/ctf/common/metadata/decoder.c b/plugins/ctf/common/metadata/decoder.c
index cba4756c..559820b3 100644
--- a/plugins/ctf/common/metadata/decoder.c
+++ b/plugins/ctf/common/metadata/decoder.c
@@ -291,6 +291,13 @@ int ctf_metadata_decoder_packetized_file_stream_to_buf_with_mdec(
 
 	/* Close stream, which also flushes the buffer */
 	ret = bt_close_memstream(buf, &size, out_fp);
+	/*
+	 * See fclose(3). Further access to out_fp after both success
+	 * and error, even through another bt_close_memstream(), results
+	 * in undefined behavior. Nullify out_fp to ensure we don't
+	 * fclose it twice on error.
+	 */
+	out_fp = NULL;
 	if (ret < 0) {
 		BT_LOGE("Cannot close memory stream: %s: mdec-addr=%p",
 			strerror(errno), mdec);