From d61ad9ef7bc9a9650ae9e2793ff7e3afe816a670 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Tue, 15 Dec 2020 09:30:53 -0500 Subject: [PATCH] Fix: memory and fd leaks in error counter Use a regular pattern for all commands: If the command callback takes ownership of a pointer or file descriptor, it sets them to NULL or -1. Therefore, the caller can always try to free the pointer, or close it if it is greater or equal to 0. This eliminates memory and fd leaks on error. Change-Id: I4916920095526c166636c6a432b95fdd6fd1ca4b Signed-off-by: Mathieu Desnoyers --- liblttng-ust/lttng-ust-comm.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c index 682992ca..8d90e2c3 100644 --- a/liblttng-ust/lttng-ust-comm.c +++ b/liblttng-ust/lttng-ust-comm.c @@ -1203,6 +1203,7 @@ int handle_message(struct sock_info *sock_info, &args, sock_info); else ret = -ENOSYS; + free(args.counter.counter_data); break; } case LTTNG_UST_COUNTER_GLOBAL: @@ -1220,6 +1221,16 @@ int handle_message(struct sock_info *sock_info, &args, sock_info); else ret = -ENOSYS; + if (args.counter_shm.shm_fd >= 0) { + int close_ret; + + lttng_ust_lock_fd_tracker(); + close_ret = close(args.counter_shm.shm_fd); + lttng_ust_unlock_fd_tracker(); + args.counter_shm.shm_fd = -1; + if (close_ret) + PERROR("close"); + } break; } case LTTNG_UST_COUNTER_CPU: @@ -1237,6 +1248,16 @@ int handle_message(struct sock_info *sock_info, &args, sock_info); else ret = -ENOSYS; + if (args.counter_shm.shm_fd >= 0) { + int close_ret; + + lttng_ust_lock_fd_tracker(); + close_ret = close(args.counter_shm.shm_fd); + lttng_ust_unlock_fd_tracker(); + args.counter_shm.shm_fd = -1; + if (close_ret) + PERROR("close"); + } break; } case LTTNG_UST_EVENT_NOTIFIER_CREATE: -- 2.34.1