From 58f835e108c72cf830c4bc3d5b6abce80ebb0b6c Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Thu, 12 Sep 2019 10:23:23 -0400 Subject: [PATCH] lttng-sessiond: clean-up: set free'd pointer to NULL MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Set the wait_node and ust_cmd pointers to NULL after they have been free'd to make this function easier to follow. This may also help scan-build analyze this function as it gets confused about the values of those variables. Currently, scan-build (clang 8.0.1) reports a use-after free of both variables when 'app' is simultaneously null and non-null... you read that right. Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/dispatch.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/bin/lttng-sessiond/dispatch.c b/src/bin/lttng-sessiond/dispatch.c index a637f23de..bfe4455b5 100644 --- a/src/bin/lttng-sessiond/dispatch.c +++ b/src/bin/lttng-sessiond/dispatch.c @@ -304,6 +304,7 @@ static void *thread_dispatch_ust_registration(void *data) } lttng_fd_put(LTTNG_FD_APPS, 1); free(ust_cmd); + ust_cmd = NULL; goto error; } CDS_INIT_LIST_HEAD(&wait_node->head); @@ -318,7 +319,9 @@ static void *thread_dispatch_ust_registration(void *data) } lttng_fd_put(LTTNG_FD_APPS, 1); free(wait_node); + wait_node = NULL; free(ust_cmd); + ust_cmd = NULL; continue; } /* @@ -329,6 +332,7 @@ static void *thread_dispatch_ust_registration(void *data) wait_queue.count++; free(ust_cmd); + ust_cmd = NULL; /* * We have to continue here since we don't have the notify * socket and the application MUST be added to the hash table @@ -349,6 +353,7 @@ static void *thread_dispatch_ust_registration(void *data) wait_queue.count--; app = wait_node->app; free(wait_node); + wait_node = NULL; DBG3("UST app notify socket %d is set", ust_cmd->sock); break; } @@ -367,6 +372,7 @@ static void *thread_dispatch_ust_registration(void *data) lttng_fd_put(LTTNG_FD_APPS, 1); } free(ust_cmd); + ust_cmd = NULL; } if (app) { -- 2.34.1