Fix: filter error path could free invalid ptr

Also add a check for a NULL pointer when freeing the filter bytecode so
we don't deref an invalid ptr.

Signed-off-by: David Goulet <dgoulet@efficios.com>

diff --git a/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c b/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c
index 7d62757477febbcddd0a88e8f4524d74c74682a9..1cf7cb5c3cf0324048c7d360980564494eb1450e 100644 (file)
--- a/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c
+++ b/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c
@@ -520,6 +520,10 @@ int recursive_visit_gen_bytecode(struct filter_parser_ctx *ctx,
 LTTNG_HIDDEN
 void filter_bytecode_free(struct filter_parser_ctx *ctx)
 {
+       if (!ctx) {
+               return;
+       }
+
        if (ctx->bytecode) {
                free(ctx->bytecode);
                ctx->bytecode = NULL;

diff --git a/src/lib/lttng-ctl/lttng-ctl.c b/src/lib/lttng-ctl/lttng-ctl.c
index a385d1b9a0a540f589d843b11a78325975cc4aa9..a92bf39125b287528d202d9160e09d7b7c7462f2 100644 (file)
--- a/src/lib/lttng-ctl/lttng-ctl.c
+++ b/src/lib/lttng-ctl/lttng-ctl.c
@@ -973,7 +973,7 @@ int lttng_enable_event_with_exclusions(struct lttng_handle *handle,
                        + LTTNG_SYMBOL_NAME_LEN * exclusion_count);
        if (!varlen_data) {
                ret = -LTTNG_ERR_EXCLUSION_NOMEM;
-               goto filter_error;
+               goto mem_error;
        }
 
        /* Put exclusion names first in the data */
@@ -1002,19 +1002,19 @@ int lttng_enable_event_with_exclusions(struct lttng_handle *handle,
                        lsm.u.enable.bytecode_len + lsm.u.enable.expression_len, NULL);
        free(varlen_data);
 
-filter_error:
-       if (filter_expression) {
+mem_error:
+       if (filter_expression && ctx) {
                filter_bytecode_free(ctx);
                filter_ir_free(ctx);
                filter_parser_ctx_free(ctx);
-               if (free_filter_expression) {
-                       /*
-                        * The filter expression has been replaced and must be
-                        * freed as it is not the original filter expression
-                        * received as a parameter.
-                        */
-                       free(filter_expression);
-               }
+       }
+filter_error:
+       if (free_filter_expression) {
+               /*
+                * The filter expression has been replaced and must be freed as it is
+                * not the original filter expression received as a parameter.
+                */
+               free(filter_expression);
        }
 error:
        /*