From: Jérémie Galarneau Date: Mon, 21 Jan 2013 21:22:01 +0000 (-0500) Subject: Fix: Double free when calling bt_context_remove_trace() X-Git-Tag: v1.2.0-rc1~83 X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=commitdiff_plain;h=d8d1b1b164d376321bc879f6d5d1102aaf87a227 Fix: Double free when calling bt_context_remove_trace() ctf_close_trace was being called twice when calling bt_context_remove_trace thus causing free() to be called on an invalid pointer. Calling bt_context_remove_trace() would call ctf_close_trace() once via the close_handle callback registered on the ctf format struct and a second call would take place from bt_trace_handle_destroy() which is registered as the value_destroy_func on the trace_handles hash table of the current context. bt_trace_handle_destroy() now only deallocates the trace handle and does not perform the trace closing. This makes the bt_trace_handle_create/destroy and bt_context_add/remove_trace parts of the public API symmetric. The crash is reproducible by invoking the tests-python.py script. Signed-off-by: Jérémie Galarneau Signed-off-by: Mathieu Desnoyers --- diff --git a/lib/trace-handle.c b/lib/trace-handle.c index 0da565b0..455e4407 100644 --- a/lib/trace-handle.c +++ b/lib/trace-handle.c @@ -49,7 +49,6 @@ struct bt_trace_handle *bt_trace_handle_create(struct bt_context *ctx) void bt_trace_handle_destroy(struct bt_trace_handle *th) { - th->format->close_trace(th->td); g_free(th); }
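Review bot: In bt_trace_handle_destroy(), removing the `th->format->close_trace(th->td);` line changes the ownership contract of a function the commit message describes as part of the public API, and nothing in the hunk documents that. After this change the body is only `g_free(th);`, so any caller that destroys a handle without going through bt_context_remove_trace() no longer gets the trace closed and would leak whatever th->td refers to. I suggest adding a comment above the function stating that it frees the handle only and that closing the trace is left to the close_handle callback, and auditing the remaining callers of bt_trace_handle_destroy() for the old assumption. The commit message names tests-python.py as the reproducer; it would help to state that the script now runs clean under a memory checker, so the single-close behaviour is covered going forward.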