From 99a98ed3b86b74dacba885e5de33ff67bf412af0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Sat, 6 Apr 2019 15:16:38 -0400 Subject: [PATCH] Fix: command reply message is leaked for variable-len replies MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Commands which return a variable-length payload re-setup the command context using setup_lttng_msg() (and its wrappers). In doing so, the lttcomm_lttng_msg structure (plus its trailing variable-length payload) are re-allocated. However, the previous instance of lttcomm_lttng_msg is leaked. This is solved by free()-ing the original lttcomm_lttng_msg when setup_lttng_msg() is used. When it is only used once, a NULL pointer will be free'd without any effect. Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/client.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/bin/lttng-sessiond/client.c b/src/bin/lttng-sessiond/client.c index a889529a7..fb50b3cc6 100644 --- a/src/bin/lttng-sessiond/client.c +++ b/src/bin/lttng-sessiond/client.c @@ -81,6 +81,7 @@ static int setup_lttng_msg(struct command_ctx *cmd_ctx, const size_t payload_offset = cmd_header_offset + cmd_header_len; const size_t total_msg_size = header_len + cmd_header_len + payload_len; + free(cmd_ctx->llm); cmd_ctx->llm = zmalloc(total_msg_size); if (cmd_ctx->llm == NULL) { -- 2.34.1