From: David Goulet Date: Tue, 15 Jul 2014 13:16:54 +0000 (-0400) Subject: Fix: filter error path could free invalid ptr X-Git-Tag: v2.6.0-rc1~141 X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=7ca1dc6f290c2d9bc1c01a828ae418a8739487fb Fix: filter error path could free invalid ptr Also add a check for a NULL pointer when freeing the filter bytecode so we don't deref an invalid ptr. Signed-off-by: David Goulet --- diff --git a/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c b/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c index 7d6275747..1cf7cb5c3 100644 --- a/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c +++ b/src/lib/lttng-ctl/filter/filter-visitor-generate-bytecode.c @@ -520,6 +520,10 @@ int recursive_visit_gen_bytecode(struct filter_parser_ctx *ctx, LTTNG_HIDDEN void filter_bytecode_free(struct filter_parser_ctx *ctx) { + if (!ctx) { + return; + } + if (ctx->bytecode) { free(ctx->bytecode); ctx->bytecode = NULL; diff --git a/src/lib/lttng-ctl/lttng-ctl.c b/src/lib/lttng-ctl/lttng-ctl.c index a385d1b9a..a92bf3912 100644 --- a/src/lib/lttng-ctl/lttng-ctl.c +++ b/src/lib/lttng-ctl/lttng-ctl.c @@ -973,7 +973,7 @@ int lttng_enable_event_with_exclusions(struct lttng_handle *handle, + LTTNG_SYMBOL_NAME_LEN * exclusion_count); if (!varlen_data) { ret = -LTTNG_ERR_EXCLUSION_NOMEM; - goto filter_error; + goto mem_error; } /* Put exclusion names first in the data */ 
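Review bot: The new `if (!ctx) { return; }` guard in filter_bytecode_free covers only one of the three teardown helpers that the lttng-ctl.c cleanup block calls with the same pointer. The bodies of filter_ir_free and filter_parser_ctx_free are not shown in this patch, so whether they tolerate NULL cannot be confirmed from here. If they do not, the same guard belongs in each, so that no caller has to check first. The accepted-NULL contract is also worth stating above the function, for example `/* ctx may be NULL, in which case nothing is freed. */`. The function body continues past the end of the hunk.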
@@ -1002,19 +1002,19 @@ int lttng_enable_event_with_exclusions(struct lttng_handle *handle, lsm.u.enable.bytecode_len + lsm.u.enable.expression_len, NULL); free(varlen_data); -filter_error: - if (filter_expression) { +mem_error: + if (filter_expression && ctx) { filter_bytecode_free(ctx); filter_ir_free(ctx); filter_parser_ctx_free(ctx); - if (free_filter_expression) { - /* - * The filter expression has been replaced and must be - * freed as it is not the original filter expression - * received as a parameter. - */ - free(filter_expression); - } + } +filter_error: + if (free_filter_expression) { + /* + * The filter expression has been replaced and must be freed as it is + * not the original filter expression received as a parameter. + */ + free(filter_expression); } error: /*
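Review bot: Splitting the cleanup into `mem_error` and `filter_error` makes the labels order-dependent: a `goto filter_error` now skips the three ctx teardown calls, so any earlier failure path that jumps there with a live ctx must release it itself or the parser context leaks. Those paths lie outside this hunk and should be checked against the new label order. The `filter_expression && ctx` test is only meaningful if `ctx` is initialised to NULL at its declaration, which is also not visible here. Adding `ctx = NULL;` after `filter_parser_ctx_free(ctx);` would keep any later pass through this block from freeing it twice. Because `mem_error:` is also reached by fall-through on the success path, a comment such as `/* Also reached on success: release the parser ctx if one was created. */` would make the label's role clear.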