From d8d1b1b164d376321bc879f6d5d1102aaf87a227 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Mon, 21 Jan 2013 16:22:01 -0500 Subject: [PATCH] Fix: Double free when calling bt_context_remove_trace() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit ctf_close_trace was being called twice when calling bt_context_remove_trace thus causing free() to be called on an invalid pointer. Calling bt_context_remove_trace() would call ctf_close_trace() once via the close_handle callback registered on the ctf format struct and a second call would take place from bt_trace_handle_destroy() which is registered as the value_destroy_func on the trace_handles hash table of the current context. bt_trace_handle_destroy() now only deallocates the trace handle and does not perform the trace closing. This makes the bt_trace_handle_create/destroy and bt_context_add/remove_trace parts of the public API symmetric. The crash is reproducible by invoking the tests-python.py script. Signed-off-by: Jérémie Galarneau Signed-off-by: Mathieu Desnoyers --- lib/trace-handle.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/trace-handle.c b/lib/trace-handle.c index 0da565b0..455e4407 100644 --- a/lib/trace-handle.c +++ b/lib/trace-handle.c @@ -49,7 +49,6 @@ struct bt_trace_handle *bt_trace_handle_create(struct bt_context *ctx) void bt_trace_handle_destroy(struct bt_trace_handle *th) { - th->format->close_trace(th->td); g_free(th); } -- 2.34.1
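Review bot: In bt_trace_handle_destroy(), once the th->format->close_trace(th->td) line is removed the function only does g_free(th), so responsibility for closing th->td moves entirely to the caller, and nothing in the code records that. Please add a comment above bt_trace_handle_destroy() stating that it frees the handle only and that the trace must already have been closed, which the commit message says happens through bt_context_remove_trace(). It is also worth confirming that every path reaching this function closes the trace exactly once beforehand. That includes the trace_handles hash table's value_destroy_func when the context itself is torn down. A handle freed with its trace still open would turn the double free into a leaked trace descriptor. The diffstat shows only lib/trace-handle.c changing, so the fix relies on the existing tests-python.py run to catch a regression. Running that script under a memory checker would cover both the double free and the possible leak.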