lttng-sessiond: clean-up: set free'd pointer to NULL

Set the wait_node and ust_cmd pointers to NULL after they have been
free'd to make this function easier to follow. This may also help
scan-build analyze this function as it gets confused about the values
of those variables. Currently, scan-build (clang 8.0.1) reports a
use-after free of both variables when 'app' is simultaneously null and
non-null... you read that right.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/bin/lttng-sessiond/dispatch.c b/src/bin/lttng-sessiond/dispatch.c
index a637f23dea8e8e665b3a87b88644cc18a7337bb8..bfe4455b59a9813174469e14c0688d3bddc1d942 100644 (file)
--- a/src/bin/lttng-sessiond/dispatch.c
+++ b/src/bin/lttng-sessiond/dispatch.c
@@ -304,6 +304,7 @@ static void *thread_dispatch_ust_registration(void *data)
                                        }
                                        lttng_fd_put(LTTNG_FD_APPS, 1);
                                        free(ust_cmd);
+                                       ust_cmd = NULL;
                                        goto error;
                                }
                                CDS_INIT_LIST_HEAD(&wait_node->head);
@@ -318,7 +319,9 @@ static void *thread_dispatch_ust_registration(void *data)
                                        }
                                        lttng_fd_put(LTTNG_FD_APPS, 1);
                                        free(wait_node);
+                                       wait_node = NULL;
                                        free(ust_cmd);
+                                       ust_cmd = NULL;
                                        continue;
                                }
                                /*
@@ -329,6 +332,7 @@ static void *thread_dispatch_ust_registration(void *data)
                                wait_queue.count++;
 
                                free(ust_cmd);
+                               ust_cmd = NULL;
                                /*
                                 * We have to continue here since we don't have the notify
                                 * socket and the application MUST be added to the hash table
@@ -349,6 +353,7 @@ static void *thread_dispatch_ust_registration(void *data)
                                                wait_queue.count--;
                                                app = wait_node->app;
                                                free(wait_node);
+                                               wait_node = NULL;
                                                DBG3("UST app notify socket %d is set", ust_cmd->sock);
                                                break;
                                        }
@@ -367,6 +372,7 @@ static void *thread_dispatch_ust_registration(void *data)
                                        lttng_fd_put(LTTNG_FD_APPS, 1);
                                }
                                free(ust_cmd);
+                               ust_cmd = NULL;
                        }
 
                        if (app) {