From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Wed, 21 Apr 2021 19:28:31 +0000 (-0400)
Subject: Fix: error-query: leak of trigger on malformed error-query comm buffer
X-Git-Tag: v2.13.0-rc1~59
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=9de6375f04f962e9eae34ad90f4c66e8bf15c2a8

Fix: error-query: leak of trigger on malformed error-query comm buffer

CID 1452633 (#1 of 1): Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable trigger going out of scope leaks the
storage it points to

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: Ic3ab0c41b6667fb875992e545fcba046edc071fc
---

diff --git a/src/common/error-query.c b/src/common/error-query.c
index d4395b467..031257b27 100644
--- a/src/common/error-query.c
+++ b/src/common/error-query.c
@@ -739,6 +739,7 @@ ssize_t lttng_error_query_create_from_payload(struct lttng_payload_view *view,
 {
 	ssize_t used_size = 0;
 	struct lttng_error_query_comm *header;
+	struct lttng_trigger *trigger = NULL;
 	struct lttng_payload_view header_view =
 			lttng_payload_view_from_view(view, 0, sizeof(*header));
 
@@ -754,7 +755,6 @@ ssize_t lttng_error_query_create_from_payload(struct lttng_payload_view *view,
 	switch ((enum lttng_error_query_target_type) header->target_type) {
 	case LTTNG_ERROR_QUERY_TARGET_TYPE_TRIGGER:
 	{
-		struct lttng_trigger *trigger;
 		ssize_t trigger_used_size;
 		struct lttng_payload_view trigger_view =
 				lttng_payload_view_from_view(
@@ -775,7 +775,6 @@ ssize_t lttng_error_query_create_from_payload(struct lttng_payload_view *view,
 		used_size += trigger_used_size;
 
 		*query = lttng_error_query_trigger_create(trigger);
-		lttng_trigger_put(trigger);
 		if (!*query) {
 			used_size = -1;
 			goto end;
@@ -785,7 +784,6 @@ ssize_t lttng_error_query_create_from_payload(struct lttng_payload_view *view,
 	}
 	case LTTNG_ERROR_QUERY_TARGET_TYPE_ACTION:
 	{
-		struct lttng_trigger *trigger;
 		const struct lttng_action *target_action;
 		ssize_t trigger_used_size;
 		struct lttng_error_query_action_comm *action_header;
@@ -841,7 +839,6 @@ ssize_t lttng_error_query_create_from_payload(struct lttng_payload_view *view,
 
 		*query = lttng_error_query_action_create(
 				trigger, target_action);
-		lttng_trigger_put(trigger);
 		if (!*query) {
 			used_size = -1;
 			goto end;
@@ -855,6 +852,7 @@ ssize_t lttng_error_query_create_from_payload(struct lttng_payload_view *view,
 	}
 
 end:
+	lttng_trigger_put(trigger);
 	return used_size;
 }