From 47eba00af0f5633717f8139041e2ec257ec39da1 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Wed, 26 Jul 2017 11:50:52 -0400 Subject: [PATCH] Fix: use of file pointer after fclose() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit See fclose(3). Further access to out_fp after both success and error, even through another bt_close_memstream(), results in undefined behavior. Nullify out_fp to ensure we don't fclose it twice on error. Found by Coverity: CID 1376182 (#1 of 1): Use after close (USE_AFTER_FREE). use_closed_file: Calling bt_close_memstream uses file handle out_fp after closing it. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- plugins/ctf/common/metadata/decoder.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/ctf/common/metadata/decoder.c b/plugins/ctf/common/metadata/decoder.c index cba4756c..559820b3 100644 --- a/plugins/ctf/common/metadata/decoder.c +++ b/plugins/ctf/common/metadata/decoder.c @@ -291,6 +291,13 @@ int ctf_metadata_decoder_packetized_file_stream_to_buf_with_mdec( /* Close stream, which also flushes the buffer */ ret = bt_close_memstream(buf, &size, out_fp); + /* + * See fclose(3). Further access to out_fp after both success + * and error, even through another bt_close_memstream(), results + * in undefined behavior. Nullify out_fp to ensure we don't + * fclose it twice on error. + */ + out_fp = NULL; if (ret < 0) { BT_LOGE("Cannot close memory stream: %s: mdec-addr=%p", strerror(errno), mdec); -- 2.34.1
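Review bot: The `out_fp = NULL;` assignment added right after `ret = bt_close_memstream(buf, &size, out_fp);` only prevents a second close if the cleanup code reached from the `if (ret < 0)` branch tests `out_fp` before closing it, and that code is not visible in this hunk. Please confirm the error path has a NULL guard, because passing a null pointer to fclose() is itself undefined behaviour and the fix would otherwise trade a double close for a NULL dereference. Since the comment says the stream is invalid after both success and error, it may also be worth having `bt_close_memstream()` take the address of the file pointer and clear it itself, so other callers cannot forget the assignment. The new comment block duplicates the commit message almost word for word; a one-line comment pointing at fclose(3) would be enough in the code.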