From 4778a6c98cdf962ff5ea2de99171783c9b4cfb39 Mon Sep 17 00:00:00 2001
From: Simon Marchi
Date: Thu, 15 Aug 2019 11:24:24 -0400
Subject: [PATCH] Fix: cli: increment bt_value_null ref count when returning null value

The ini_parse_value function returns a new reference to a value. When return a null value, it needs to acquire a new reference to bt_value_null to account for that.

A crash can be triggered because of this bug with:

$ LIBBABELTRACE2_INIT_LOG_LEVEL=W ~/build/babeltrace/src/cli/babeltrace2 -c src.ctf.fs --params='yo=null,madame=null,la=null'
08-15 11:27:23.947 8793 8793 W LIB/VALUE bt_value_null_instance_release_func@value.c:72 Releasing the null value singleton: addr=0x7fb46d3038e0
08-15 11:27:23.947 8793 8793 F LIB/VALUE bt_object_put_ref@object.h:367 Babeltrace 2 library precondition not satisfied; error is:
08-15 11:27:23.947 8793 8793 F LIB/VALUE bt_object_put_ref@object.h:367 Decrementing a reference count set to 0: addr=0x7fb46d3038e0, ref-count=0
08-15 11:27:23.947 8793 8793 F LIB/VALUE bt_object_put_ref@object.h:367 Aborting...

Change-Id: I6748fd9d8a7ba89728f0e4ddb9ea62bf423fdc91
Signed-off-by: Simon Marchi
Reviewed-on: https://review.lttng.org/c/babeltrace/+/1941
Tested-by: jenkins
Reviewed-by: Philippe Proulx
---
 src/cli/babeltrace2-cfg-cli-params-arg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/cli/babeltrace2-cfg-cli-params-arg.c b/src/cli/babeltrace2-cfg-cli-params-arg.c
index e5662c69..79cde929 100644
--- a/src/cli/babeltrace2-cfg-cli-params-arg.c
+++ b/src/cli/babeltrace2-cfg-cli-params-arg.c
@@ -320,6 +320,7 @@ bt_value *ini_parse_value(struct ini_parsing_state *state)
 if (strcmp(id, "null") == 0 || strcmp(id, "NULL") == 0 ||
 strcmp(id, "nul") == 0) {
 value = bt_value_null;
+ bt_value_get_ref(value);
 } else if (strcmp(id, "true") == 0 || strcmp(id, "TRUE") == 0 ||
 strcmp(id, "yes") == 0 || strcmp(id, "YES") == 0) {
-- 
2.34.1
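Review bot: The added `bt_value_get_ref(value);` after `value = bt_value_null;` is correct but says nothing about why a global singleton needs a reference taken, so a future reader may "simplify" it away and reintroduce the ref-count underflow the commit message describes; a one-line comment at that point, `/* Caller receives a new reference, so take one on the null singleton too. */`, would pin the contract. If other code paths in this file hand out `bt_value_null` as a returned value they presumably need the same treatment, but none are visible from this hunk. The enclosing ini_parse_value() starts and ends outside the hunk. Note that the abort in the quoted log is the library's own precondition check in bt_object_put_ref firing on the zero count, which is why the bug surfaced as a deterministic crash rather than silent misuse of a freed object.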