From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Mon, 25 Nov 2019 19:37:38 +0000 (-0500)
Subject: Fix: fd-tracker: crash on close of partially initialized handle
X-Git-Url: http://git.efficios.com/?p=lttng-tools.git;a=commitdiff_plain;h=660a216c836c22975eeb39fe975a41f325984c4b

Fix: fd-tracker: crash on close of partially initialized handle

A number of internal functions are used in the error path of the
creation of an fs_handle. Since the fs_handle is partially
initialized, those functions need to be adapted to handle cases where
internal members are NULL.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/common/fd-tracker/fd-tracker.c b/src/common/fd-tracker/fd-tracker.c
index c8cbc6b33..6f95ffc98 100644
--- a/src/common/fd-tracker/fd-tracker.c
+++ b/src/common/fd-tracker/fd-tracker.c
@@ -475,6 +475,8 @@ int fd_tracker_destroy(struct fd_tracker *tracker)
 		ret = cds_lfht_destroy(tracker->unsuspendable_fds, NULL);
 		assert(!ret);
 	}
+
+	lttng_inode_registry_destroy(tracker->inode_registry);
 	pthread_mutex_destroy(&tracker->lock);
 	free(tracker);
 end:
@@ -517,12 +519,13 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker,
 	if (!handle) {
 		goto end;
 	}
+	handle->tracker = tracker;
 
 	ret = pthread_mutex_init(&handle->lock, NULL);
 	if (ret) {
 		PERROR("Failed to initialize handle mutex while creating fs handle");
 		free(handle);
-		goto end;
+		goto error_free;
 	}
 
 	handle->fd = open_from_properties(path, &properties);
@@ -550,13 +553,17 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker,
 	handle->ino = fd_stat.st_ino;
 
 	fd_tracker_track(tracker, handle);
-	handle->tracker = tracker;
 	pthread_mutex_unlock(&tracker->lock);
 end:
 	return handle;
 error_destroy:
+	pthread_mutex_destroy(&handle->lock);
+error_free:
+	if (handle->inode) {
+		lttng_inode_put(handle->inode);
+	}
+	free(handle);
 	pthread_mutex_unlock(&tracker->lock);
-	(void) fs_handle_close(handle);
 	handle = NULL;
 	goto end;
 }
@@ -844,7 +851,7 @@ int fs_handle_unlink(struct fs_handle *handle)
 int fs_handle_close(struct fs_handle *handle)
 {
 	int ret = 0;
-	const char *path;
+	const char *path = NULL;
 
 	if (!handle) {
 		ret = -EINVAL;
@@ -853,7 +860,9 @@ int fs_handle_close(struct fs_handle *handle)
 
 	pthread_mutex_lock(&handle->tracker->lock);
 	pthread_mutex_lock(&handle->lock);
-	path = lttng_inode_get_path(handle->inode);
+	if (handle->inode) {
+		path = lttng_inode_get_path(handle->inode);
+	}
 	fd_tracker_untrack(handle->tracker, handle);
 	if (handle->fd >= 0) {
 		/*
@@ -862,7 +871,7 @@ int fs_handle_close(struct fs_handle *handle)
 		 */
 		if (close(handle->fd)) {
 			PERROR("Failed to close the file descritptor (%d) of fs handle to %s, close() returned",
-					handle->fd, path);
+					handle->fd, path ? path : "Unknown");
 		}
 		handle->fd = -1;
 	}