From d7b3776ffb1bef894e7bc4cbfe45c5c2d58b8600 Mon Sep 17 00:00:00 2001
From: David Goulet <dgoulet@efficios.com>
Date: Fri, 26 Oct 2012 10:28:21 -0400
Subject: [PATCH] Fix: Cppcheck memleakOnRealloc mistake

Common realloc mistake: "data_buffer" nulled but not freed upon failure.
Common realloc mistake: "tmp" nulled but not freed upon failure

Signed-off-by: David Goulet <dgoulet@efficios.com>
---
 src/bin/lttng-relayd/main.c      | 5 +++++
 src/bin/lttng-sessiond/ust-app.c | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/src/bin/lttng-relayd/main.c b/src/bin/lttng-relayd/main.c
index ebbe5e393..9e6d4bf9f 100644
--- a/src/bin/lttng-relayd/main.c
+++ b/src/bin/lttng-relayd/main.c
@@ -1208,9 +1208,12 @@ int relay_recv_metadata(struct lttcomm_relayd_hdr *recv_hdr,
 	payload_size -= sizeof(struct lttcomm_relayd_metadata_payload);
 
 	if (data_buffer_size < data_size) {
+		/* In case the realloc fails, we can free the memory */
+		char *tmp_data_ptr = data_buffer;
 		data_buffer = realloc(data_buffer, data_size);
 		if (!data_buffer) {
 			ERR("Allocating data buffer");
+			free(tmp_data_ptr);
 			ret = -1;
 			goto end;
 		}
@@ -1482,9 +1485,11 @@ int relay_process_data(struct relay_command *cmd, struct lttng_ht *streams_ht)
 
 	data_size = be32toh(data_hdr.data_size);
 	if (data_buffer_size < data_size) {
+		char *tmp_data_ptr = data_buffer;
 		data_buffer = realloc(data_buffer, data_size);
 		if (!data_buffer) {
 			ERR("Allocating data buffer");
+			free(tmp_data_ptr);
 			ret = -1;
 			goto end_unlock;
 		}
diff --git a/src/bin/lttng-sessiond/ust-app.c b/src/bin/lttng-sessiond/ust-app.c
index fc8728dd2..c93f93dc9 100644
--- a/src/bin/lttng-sessiond/ust-app.c
+++ b/src/bin/lttng-sessiond/ust-app.c
@@ -1579,12 +1579,15 @@ int ust_app_list_events(struct lttng_event **events)
 						&uiter)) != -ENOENT) {
 			health_code_update(&health_thread_cmd);
 			if (count >= nbmem) {
+				/* In case the realloc fails, we free the memory */
+				void *tmp_ptr = (void *) tmp;
 				DBG2("Reallocating event list from %zu to %zu entries", nbmem,
 						2 * nbmem);
 				nbmem *= 2;
 				tmp = realloc(tmp, nbmem * sizeof(struct lttng_event));
 				if (tmp == NULL) {
 					PERROR("realloc ust app events");
+					free(tmp_ptr);
 					ret = -ENOMEM;
 					goto rcu_error;
 				}
@@ -1654,12 +1657,15 @@ int ust_app_list_event_fields(struct lttng_event_field **fields)
 						&uiter)) != -ENOENT) {
 			health_code_update(&health_thread_cmd);
 			if (count >= nbmem) {
+				/* In case the realloc fails, we free the memory */
+				void *tmp_ptr = (void *) tmp;
 				DBG2("Reallocating event field list from %zu to %zu entries", nbmem,
 						2 * nbmem);
 				nbmem *= 2;
 				tmp = realloc(tmp, nbmem * sizeof(struct lttng_event_field));
 				if (tmp == NULL) {
 					PERROR("realloc ust app event fields");
+					free(tmp_ptr);
 					ret = -ENOMEM;
 					goto rcu_error;
 				}
-- 
2.34.1