From 19380ea897c8ef6ee892185634a775cf45c67812 Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Mon, 25 Nov 2019 14:37:54 -0500 Subject: [PATCH] Fix: fd-tracker: error path lead to null dereference of handle MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit A number of fd_tracker_open_fs_handle() error paths can lead to a NULL pointer dereference. The error paths are separated to cover the various initialization stages of an fs_handle. Signed-off-by: Jonathan Rajotte Signed-off-by: Jérémie Galarneau --- src/common/fd-tracker/fd-tracker.c | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/src/common/fd-tracker/fd-tracker.c b/src/common/fd-tracker/fd-tracker.c index 6f95ffc98..acbee670a 100644 --- a/src/common/fd-tracker/fd-tracker.c +++ b/src/common/fd-tracker/fd-tracker.c @@ -500,18 +500,17 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker, if (tracker->count.suspendable.active > 0) { ret = fd_tracker_suspend_handles(tracker, 1); if (ret) { - goto error_destroy; + goto end; } } else { /* * There are not enough active suspendable file - * descriptors to open a new fd and still accomodate the - * tracker's capacity. + * descriptors to open a new fd and still accommodate + * the tracker's capacity. */ WARN("Cannot open file system handle, too many unsuspendable file descriptors are opened (%u)", tracker->count.unsuspendable); - ret = -EMFILE; - goto error_destroy; + goto end; } } @@ -524,15 +523,13 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker, ret = pthread_mutex_init(&handle->lock, NULL); if (ret) { PERROR("Failed to initialize handle mutex while creating fs handle"); - free(handle); - goto error_free; + goto error_mutex_init; } handle->fd = open_from_properties(path, &properties); if (handle->fd < 0) { PERROR("Failed to open fs handle to %s, open() returned", path); - ret = -errno; - goto error_destroy; + goto error; } handle->properties = properties; @@ -542,28 +539,26 @@ struct fs_handle *fd_tracker_open_fs_handle(struct fd_tracker *tracker, if (!handle->inode) { ERR("Failed to get lttng_inode corresponding to file %s", path); - goto error_destroy; + goto error; } if (fstat(handle->fd, &fd_stat)) { PERROR("Failed to retrieve file descriptor inode while creating fs handle, fstat() returned"); - ret = -errno; - goto error_destroy; + goto error; } handle->ino = fd_stat.st_ino; fd_tracker_track(tracker, handle); - pthread_mutex_unlock(&tracker->lock); end: + pthread_mutex_unlock(&tracker->lock); return handle; -error_destroy: - pthread_mutex_destroy(&handle->lock); -error_free: +error: if (handle->inode) { lttng_inode_put(handle->inode); } + pthread_mutex_destroy(&handle->lock); +error_mutex_init: free(handle); - pthread_mutex_unlock(&tracker->lock); handle = NULL; goto end; } -- 2.34.1