Fix use after free of "filter/expression" attribute

As evidenced by Valgrind:
 Invalid read of size 4
    at 0x402E248: process_traceset (batchAnalysis.c:103)
    by 0x80558E5: lttv_hooks_call (hook.c:272)
    by 0x8053596: main (main.c:219)
  Address 0x4cea1b8 is 88 bytes inside a block of size 256 free'd
    at 0x4024D47: realloc (vg_replace_malloc.c:476)
[...]
    by 0x402E204: process_traceset (batchAnalysis.c:97)
    by 0x80558E5: lttv_hooks_call (hook.c:272)
    by 0x8053596: main (main.c:219)

Signed-off-by: Benjamin Poirier <benjamin.poirier@polymtl.ca>

diff --git a/lttv/modules/text/batchAnalysis.c b/lttv/modules/text/batchAnalysis.c
index 00286e2cc7066de96ad8a7cc29c94fa3e8ec79c7..aa30352021670cf5ae83d68db15d6f58c7fa57dd 100644 (file)
--- a/lttv/modules/text/batchAnalysis.c
+++ b/lttv/modules/text/batchAnalysis.c
@@ -100,6 +100,13 @@ static gboolean process_traceset(void *hook_data, void *call_data)
     LTTV_POINTER, &value_filter);
   g_assert(retval);
 
+  /* Repeat the search for the first element, the second search might have
+   * moved the first element (by creating the second element)
+   */
+  retval= lttv_iattribute_find_by_path(attributes, "filter/expression",
+    LTTV_POINTER, &value_expression);
+  g_assert(retval);
+
   *(value_filter.v_pointer) = lttv_filter_new();
   //g_debug("Filter string: %s",((GString*)*(value_expression.v_pointer))->str);