From 21c5a2331cdefbf6316f2ad9cb648061bde47c8e Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Tue, 11 Jan 2022 13:59:15 -0500
Subject: [PATCH] Fix: lttng-ctl: lttng_list_sessions: initialize out_sessions to NULL when returning 0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Observed issue
==============

Users of lttng-ctl API's lttng_list_sessions observe an application crash
when freeing the *out_sessions output value when lttng_list_sessions
returns 0.

Cause
=====

The implementation does not set *out_sessions to NULL when
lttng_ctl_ask_sessiond() sets the sessions variable to NULL. This causes
the user application to attempt to free(3) an uninitialized pointer.

Solution
========

Initialize out_sessions to NULL before invoking lttng_ctl_ask_sessiond(),
so it is initialized when lttng_list_sessions returns 0, thus allowing
*out_sessions to be subsequently freed. A free(3) on a NULL pointer is a
no-op.

Known drawbacks
===============

None.

History
=======

This was introduced by those two commits:

b178f53e90 ("Generate session name and default output on sessiond's end")
27ea4ba825 ("Fix: error when listing sessions with no session")

This is a regression present in the stable-2.11, stable-2.12, stable-2.13,
and master branches.

Signed-off-by: Mathieu Desnoyers
Signed-off-by: Jérémie Galarneau
Change-Id: I34125d708a32674d79b831e5004c48321ebd711e
---
 src/lib/lttng-ctl/lttng-ctl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lib/lttng-ctl/lttng-ctl.c b/src/lib/lttng-ctl/lttng-ctl.c
index 6c9ecb9ba..ff40ee3e7 100644
--- a/src/lib/lttng-ctl/lttng-ctl.c
+++ b/src/lib/lttng-ctl/lttng-ctl.c
@@ -2074,6 +2074,12 @@ int lttng_list_sessions(struct lttng_session **out_sessions) memset(&lsm, 0, sizeof(lsm)); lsm.cmd_type = LTTNG_LIST_SESSIONS; + /* + * Initialize out_sessions to NULL so it is initialized when + * lttng_list_sessions returns 0, thus allowing *out_sessions to + * be subsequently freed. + */ + *out_sessions = NULL; ret = lttng_ctl_ask_sessiond(&lsm, (void**) &sessions); if (ret <= 0) { goto end; @@ -2086,7 +2092,6 @@ int lttng_list_sessions(struct lttng_session **out_sessions) if (ret % session_size) { ret = -LTTNG_ERR_UNK; free(sessions); - *out_sessions = NULL; goto end; } session_count = (size_t) ret / session_size; -- 2.34.1
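Review bot: In the first hunk, the new `*out_sessions = NULL;` is placed before the `if (ret <= 0) { goto end; }` check, so it covers the negative (error) return paths of lttng_ctl_ask_sessiond() as well as the zero-session case named in the subject line; the public documentation of lttng_list_sessions should state that `*out_sessions` is NULL whenever the function returns a value <= 0, so callers know that freeing it unconditionally is safe. The assignment also dereferences `out_sessions` with no NULL check visible in this context; if the function does not validate the argument above this hunk, a caller passing NULL now faults before the round-trip to the session daemon instead of only on the `ret % session_size` path it used to reach, which is worth either documenting or guarding with an explicit error return.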
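Review bot: In the second hunk, removing `*out_sessions = NULL;` from the `ret % session_size` error path is correct only because nothing between the new initialization at the top of the function and this check writes to `*out_sessions`; the visible context (the lttng_ctl_ask_sessiond() call, the `ret <= 0` early exit and this size check) shows no such write, but a one-line comment at the removal point, for example `/* *out_sessions is already NULL, see initialization above. */`, would keep that invariant obvious to whoever next adds a branch between the two points and prevent the uninitialized-pointer bug this commit fixes from being reintroduced.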