From: Julien Desfossez <jdesfossez@efficios.com>
Date: Thu, 2 Aug 2012 22:24:43 +0000 (-0400)
Subject: Fix: error path if heap_init fails
X-Git-Tag: v1.0.0-rc5~41
X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=commitdiff_plain;h=bed54c92f5e3c9159b776105d17ab5b4c0d682c7;hp=0be8b6b76e1767f8d5f6b4c974df9a7d01eb91bc

Fix: error path if heap_init fails

Avoid an eventual double-free if heap_init fails in bt_iter_set_pos.

[ Note by Mathieu Desnoyers: the current implementation of heap_init
  ensures that ptrs is set to NULL when it fails, so there is currently
  no double-free situation. But let's not rely on this implementation
  detail that might change in the future. ]

Signed-off-by: Julien Desfossez <jdesfossez@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
---

diff --git a/lib/iterator.c b/lib/iterator.c
index 9faf4e94..c6ee4c9c 100644
--- a/lib/iterator.c
+++ b/lib/iterator.c
@@ -199,7 +199,7 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
 		heap_free(iter->stream_heap);
 		ret = heap_init(iter->stream_heap, 0, stream_compare);
 		if (ret < 0)
-			goto error;
+			goto error_heap_init;
 
 		for (i = 0; i < iter_pos->u.restore->stream_saved_pos->len;
 				i++) {
@@ -248,7 +248,7 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
 		heap_free(iter->stream_heap);
 		ret = heap_init(iter->stream_heap, 0, stream_compare);
 		if (ret < 0)
-			goto error;
+			goto error_heap_init;
 
 		/* for each trace in the trace_collection */
 		for (i = 0; i < tc->array->len; i++) {
@@ -279,7 +279,7 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
 		heap_free(iter->stream_heap);
 		ret = heap_init(iter->stream_heap, 0, stream_compare);
 		if (ret < 0)
-			goto error;
+			goto error_heap_init;
 
 		for (i = 0; i < tc->array->len; i++) {
 			struct ctf_trace *tin;
@@ -331,12 +331,14 @@ int bt_iter_set_pos(struct bt_iter *iter, const struct bt_iter_pos *iter_pos)
 
 error:
 	heap_free(iter->stream_heap);
+error_heap_init:
 	if (heap_init(iter->stream_heap, 0, stream_compare) < 0) {
 		heap_free(iter->stream_heap);
 		g_free(iter->stream_heap);
 		iter->stream_heap = NULL;
 		ret = -ENOMEM;
 	}
+
 	return ret;
 }
 
@@ -525,6 +527,7 @@ error:
 	heap_free(iter->stream_heap);
 error_heap_init:
 	g_free(iter->stream_heap);
+	iter->stream_heap = NULL;
 error_ctx:
 	return ret;
 }