Observed issue
==============
Users of lttng-ctl API's lttng_list_sessions observe application crash
when freeing the *out_sessions output value when lttng_list_sessions
returns 0.
Cause
=====
The implementation does not set *out_sessions to NULL when
lttng_ctl_ask_sessiond() sets the sessions variable to NULL.
This causes the user application to attempt to free(3) an uninitialized
pointer.
Solution
========
Initialize out_sessions to NULL before invoking
lttng_ctl_ask_sessiond(), so it is initialized when lttng_list_sessions
returns 0, thus allowing *out_sessions to be subsequently freed.
A free(3) on a NULL pointer is a no-op.
Known drawbacks
===============
None.
History
=======
This was introduced by those two commits:
b178f53e90 ("Generate session name and default output on sessiond's end")
27ea4ba825 ("Fix: error when listing sessions with no session")
This is a regression present in the stable-2.11, stable-2.12,
stable-2.13, and master branches.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I34125d708a32674d79b831e5004c48321ebd711e
memset(&lsm, 0, sizeof(lsm));
lsm.cmd_type = LTTNG_LIST_SESSIONS;
+ /*
+ * Initialize out_sessions to NULL so it is initialized when
+ * lttng_list_sessions returns 0, thus allowing *out_sessions to
+ * be subsequently freed.
+ */
+ *out_sessions = NULL;
ret = lttng_ctl_ask_sessiond(&lsm, (void**) &sessions);
if (ret <= 0) {
goto end;
if (ret % session_size) {
ret = -LTTNG_ERR_UNK;
free(sessions);
- *out_sessions = NULL;
goto end;
}
session_count = (size_t) ret / session_size;
projects / deliverable / lttng-tools.git / commitdiff
