From: Simon Marchi Date: Wed, 21 Aug 2019 23:47:32 +0000 (-0400) Subject: Fix: ctf: fix possible use-after-free in ctf_fs_component_create X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=commitdiff_plain;h=bce64edbf55818ceb0113c5824e957af7c5f39ee Fix: ctf: fix possible use-after-free in ctf_fs_component_create The error path destroys the ctf_fs_component, but doesn't reset the variable, so we return a pointer to free'd memory. We should be returning NULL in the error case. Fix it by assigning to NULL after destroying the ctf_fs_component. Change-Id: Ib7afd03009dc646460f77fae331920307229220a Signed-off-by: Simon Marchi Reviewed-on: https://review.lttng.org/c/babeltrace/+/1973 Tested-by: jenkins Reviewed-by: Francis Deslauriers Reviewed-by: Philippe Proulx --- diff --git a/src/plugins/ctf/fs-src/fs.c b/src/plugins/ctf/fs-src/fs.c index 707ea551..8036fe15 100644 --- a/src/plugins/ctf/fs-src/fs.c +++ b/src/plugins/ctf/fs-src/fs.c @@ -405,9 +405,8 @@ struct ctf_fs_component *ctf_fs_component_create(bt_logging_level log_level, goto end; error: - if (ctf_fs) { - ctf_fs_destroy(ctf_fs); - } + ctf_fs_destroy(ctf_fs); + ctf_fs = NULL; end: return ctf_fs;
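Review bot: In the `error:` path, removing the `if (ctf_fs)` guard makes the cleanup depend on `ctf_fs_destroy()` accepting a NULL argument, and nothing in this hunk shows that it does. If any `goto error` can be reached while `ctf_fs` is still NULL (for example when the allocation itself fails), please confirm that `ctf_fs_destroy()` returns early on NULL, or keep the guard and place `ctf_fs = NULL;` inside it. The commit message only describes the added NULL assignment; a sentence noting that the guard was dropped because the destroy function is NULL-safe would make that second change reviewable on its own. The `ctf_fs = NULL;` before `end:` is the right fix for the stale return value, since `return ctf_fs;` is shared by the success and error paths.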