Fix: Uninitialized pointer read

The lttng poll clean call is slightly changed to handle negative epoll
fd so we don't close anything blindly creating perror() outputs for
nothing.

Issue 1019895 of coverity scan.

Signed-off-by: David Goulet <dgoulet@efficios.com>

diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
index c3f8ab3bdbc7dfb8aff2c5eca9b146276c6ac22d..efaaf4ffa99f40c5cc0dac877e796a7eda86e5ea 100644 (file)
--- a/src/bin/lttng-sessiond/main.c
+++ b/src/bin/lttng-sessiond/main.c
@@ -3097,6 +3097,10 @@ static void *thread_manage_health(void *data)
 
        rcu_register_thread();
 
+       /* We might hit an error path before this is set once. */
+       memset(&events, 0, sizeof(events));
+       events.epfd = -1;
+
        /* Create unix socket */
        sock = lttcomm_create_unix_sock(health_unix_sock_path);
        if (sock < 0) {

diff --git a/src/common/compat/poll.h b/src/common/compat/poll.h
index 9e889767f8321a05ea23f97c211086cf0c6e3836..e69d59b42d054efbc900fd5412db093362fc5190 100644 (file)
--- a/src/common/compat/poll.h
+++ b/src/common/compat/poll.h
@@ -166,13 +166,18 @@ static inline void lttng_poll_clean(struct lttng_poll_event *events)
 {
        int ret;
 
-       if (events) {
+       if (!events) {
+               return;
+       }
+
+       if (events->epfd >= 0) {
                ret = close(events->epfd);
                if (ret) {
                        perror("close");
                }
-               __lttng_poll_free((void *) events->events);
        }
+
+       __lttng_poll_free((void *) events->events);
 }
 
 #else  /* HAVE_EPOLL */