Fix: event-expr.c: use-after-free and NULL ptr deref in error path
use-after-free
==============
The following functions are affected:
`lttng_event_expr_app_specific_context_field_create()`, and
`lttng_event_expr_array_field_element_create()`.
In one error path we call `lttng_event_expr_destroy()` with the
`&expr->parent` pointer (which is dynamically allocated) and this
function then calls free() on that pointer. Right after that function
call we return the pointer that was just freed.
Fix that by adding a `ret_parent_expr` pointer that is set to NULL on
the error path;
Null pointer dereference
========================
The following functions are affected:
`lttng_event_expr_app_specific_context_field_create()`,
`lttng_event_expr_array_field_element_create()`, and
`create_field_event_expr()`.
We dereference a NULL pointer if the argument sanity check fails.
Fix that by checking if `expr` is non-null before dereferencing it.
Found with scan-build.
Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I5fdde462d7345d0dae7ecd2e4f46473a92cd11a9
This page took 0.025175 seconds and 4 git commands to generate.