Fix: ctf: fix possible use-after-free in ctf_fs_component_create
author Simon Marchi <simon.marchi@efficios.com>
Wed, 21 Aug 2019 23:47:32 +0000 (19:47 -0400)
committer Jérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 4 Sep 2019 15:58:22 +0000 (11:58 -0400)
The error path destroys the ctf_fs_component, but doesn't reset the
variable, so we return a pointer to free'd memory.  We should be
returning NULL in the error case.  Fix it by assigning to NULL after
destroying the ctf_fs_component.

Change-Id: Ib7afd03009dc646460f77fae331920307229220a
Signed-off-by: Simon Marchi <simon.marchi@efficios.com>
Reviewed-on: https://review.lttng.org/c/babeltrace/+/1973
Tested-by: jenkins <jenkins@lttng.org>
Reviewed-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Reviewed-by: Philippe Proulx <eeppeliteloop@gmail.com>
src/plugins/ctf/fs-src/fs.c

index 707ea551503273fa61d260a5684452350b74efd8..8036fe1598a10f5384f5a507718ce63af3c676e1 100644 (file)
@@ -405,9 +405,8 @@ struct ctf_fs_component *ctf_fs_component_create(bt_logging_level log_level,
        goto end;
 
 error:
-       if (ctf_fs) {
-               ctf_fs_destroy(ctf_fs);
-       }
+       ctf_fs_destroy(ctf_fs);
+       ctf_fs = NULL;
 
 end:
        return ctf_fs;
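
Review bot: at the `error:` label, `ctf_fs_destroy(ctf_fs)` is now called without the `if (ctf_fs)` guard that the removed lines had, so this path depends on `ctf_fs_destroy` tolerating a NULL argument, which is not visible in this hunk and is not mentioned in the commit message. If any `goto error` can run before `ctf_fs` has been allocated, confirm that `ctf_fs_destroy` returns early on NULL, or keep the guard and place `ctf_fs = NULL;` inside it. Dropping the guard is also a separate cleanup from the use-after-free fix itself, so a sentence in the commit message saying why it is safe would help later readers.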