X-Git-Url: https://git.lttng.org/?a=blobdiff_plain;f=src%2Fbin%2Flttng-sessiond%2Fust-app.c;h=1736a3e851b20b646aa0f0b95c8e65c3ddc67fd6;hb=a1dcaf0fdbfbaf02ef38886b556c3d37e4458fdc;hp=12ea705bbe0e4f631cef81a45f2ceaae6af8a2d7;hpb=f45e313daba4dc617f3036ca0ce0e6de305a4ba5;p=lttng-tools.git diff --git a/src/bin/lttng-sessiond/ust-app.c b/src/bin/lttng-sessiond/ust-app.c index 12ea705bb..1736a3e85 100644 --- a/src/bin/lttng-sessiond/ust-app.c +++ b/src/bin/lttng-sessiond/ust-app.c @@ -2610,10 +2610,8 @@ static int create_ust_app_metadata(struct ust_app_session *ua_sess, ret = ust_consumer_ask_channel(ua_sess, metadata, consumer, socket, registry); if (ret < 0) { - /* - * Safe because the metadata obj pointer is not set so the delete below - * will not put a FD back again. - */ + /* Nullify the metadata key so we don't try to close it later on. */ + registry->metadata_key = 0; goto error_consumer; } @@ -2625,10 +2623,8 @@ static int create_ust_app_metadata(struct ust_app_session *ua_sess, */ ret = consumer_setup_metadata(socket, metadata->key); if (ret < 0) { - /* - * Safe because the metadata obj pointer is not set so the delete below - * will not put a FD back again. - */ + /* Nullify the metadata key so we don't try to close it later on. */ + registry->metadata_key = 0; goto error_consumer; } @@ -4473,6 +4469,7 @@ static int reply_ust_register_channel(int sock, int sobjd, int cobjd, DBG("Application socket %d is being teardown. Abort event notify", sock); ret = 0; + free(fields); goto error_rcu_unlock; } @@ -4481,6 +4478,7 @@ static int reply_ust_register_channel(int sock, int sobjd, int cobjd, if (!ua_chan) { DBG("Application channel is being teardown. Abort event notify"); ret = 0; + free(fields); goto error_rcu_unlock; } @@ -4517,6 +4515,9 @@ static int reply_ust_register_channel(int sock, int sobjd, int cobjd, } else { /* Get current already assigned values. */ type = chan_reg->header_type; + free(fields); + /* Set to NULL so the error path does not do a double free. */ + fields = NULL; } /* Channel id is set during the object creation. */ chan_id = chan_reg->chan_id; @@ -4552,6 +4553,9 @@ error: pthread_mutex_unlock(®istry->lock); error_rcu_unlock: rcu_read_unlock(); + if (ret) { + free(fields); + } return ret; } @@ -4584,6 +4588,9 @@ static int add_event_ust_registry(int sock, int sobjd, int cobjd, char *name, DBG("Application socket %d is being teardown. Abort event notify", sock); ret = 0; + free(sig); + free(fields); + free(model_emf_uri); goto error_rcu_unlock; } @@ -4592,6 +4599,9 @@ static int add_event_ust_registry(int sock, int sobjd, int cobjd, char *name, if (!ua_chan) { DBG("Application channel is being teardown. Abort event notify"); ret = 0; + free(sig); + free(fields); + free(model_emf_uri); goto error_rcu_unlock; } @@ -4609,6 +4619,11 @@ static int add_event_ust_registry(int sock, int sobjd, int cobjd, char *name, pthread_mutex_lock(®istry->lock); + /* + * From this point on, this call acquires the ownership of the sig, fields + * and model_emf_uri meaning any free are done inside it if needed. These + * three variables MUST NOT be read/write after this. + */ ret_code = ust_registry_create_event(registry, chan_reg_key, sobjd, cobjd, name, sig, nr_fields, fields, loglevel, model_emf_uri, ua_sess->buffer_type, &event_id); @@ -4685,7 +4700,12 @@ int ust_app_recv_notify(int sock) goto error; } - /* Add event to the UST registry coming from the notify socket. */ + /* + * Add event to the UST registry coming from the notify socket. This + * call will free if needed the sig, fields and model_emf_uri. This + * code path loses the ownsership of these variables and transfer them + * to the this function. + */ ret = add_event_ust_registry(sock, sobjd, cobjd, name, sig, nr_fields, fields, loglevel, model_emf_uri); if (ret < 0) { @@ -4713,6 +4733,11 @@ int ust_app_recv_notify(int sock) goto error; } + /* + * The fields ownership are transfered to this function call meaning + * that if needed it will be freed. After this, it's invalid to access + * fields or clean it up. + */ ret = reply_ust_register_channel(sock, sobjd, cobjd, nr_fields, fields); if (ret < 0) {