From bce64edbf55818ceb0113c5824e957af7c5f39ee Mon Sep 17 00:00:00 2001 From: Simon Marchi Date: Wed, 21 Aug 2019 19:47:32 -0400 Subject: [PATCH] Fix: ctf: fix possible use-after-free in ctf_fs_component_create The error path destroys the ctf_fs_component, but doesn't reset the variable, so we return a pointer to free'd memory. We should be returning NULL in the error case. Fix it by assigning to NULL after destroying the ctf_fs_component. Change-Id: Ib7afd03009dc646460f77fae331920307229220a Signed-off-by: Simon Marchi Reviewed-on: https://review.lttng.org/c/babeltrace/+/1973 Tested-by: jenkins Reviewed-by: Francis Deslauriers Reviewed-by: Philippe Proulx --- src/plugins/ctf/fs-src/fs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/plugins/ctf/fs-src/fs.c b/src/plugins/ctf/fs-src/fs.c index 707ea551..8036fe15 100644 --- a/src/plugins/ctf/fs-src/fs.c +++ b/src/plugins/ctf/fs-src/fs.c @@ -405,9 +405,8 @@ struct ctf_fs_component *ctf_fs_component_create(bt_logging_level log_level, goto end; error: - if (ctf_fs) { - ctf_fs_destroy(ctf_fs); - } + ctf_fs_destroy(ctf_fs); + ctf_fs = NULL; end: return ctf_fs; -- 2.34.1
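Review bot: dropping the `if (ctf_fs)` guard around `ctf_fs_destroy(ctf_fs)` in the error path is only safe if `ctf_fs_destroy` tolerates a NULL argument; that function's body is not in this hunk, and the removed lines show the old code guarding the call explicitly, so either confirm `ctf_fs_destroy` begins with a NULL check (and say so in the commit message) or keep the guard in front of the new assignment, e.g. `if (ctf_fs) { ctf_fs_destroy(ctf_fs); }` followed by `ctf_fs = NULL;`. The added `ctf_fs = NULL;` line is the correct fix for the use-after-free: with both labels sharing `return ctf_fs;`, the error path otherwise hands the freed pointer back to the caller.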