Fix: command reply message is leaked for variable-len replies
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Sat, 6 Apr 2019 19:16:38 +0000 (15:16 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Mon, 8 Apr 2019 20:00:26 +0000 (16:00 -0400)
Commands which return a variable-length payload re-setup the
command context using setup_lttng_msg() (and its wrappers).

In doing so, the lttcomm_lttng_msg structure (plus its trailing
variable-length payload) are re-allocated. However, the previous
instance of lttcomm_lttng_msg is leaked.

This is solved by free()-ing the original lttcomm_lttng_msg when
setup_lttng_msg() is used. When it is only used once, a NULL
pointer will be free'd without any effect.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/client.c

index a889529a76967f881c9c05159ccdb55300336f51..fb50b3cc614eaecdf4aacfa9acabb3ad88c1d604 100644 (file)
@@ -81,6 +81,7 @@ static int setup_lttng_msg(struct command_ctx *cmd_ctx,
        const size_t payload_offset = cmd_header_offset + cmd_header_len;
        const size_t total_msg_size = header_len + cmd_header_len + payload_len;
 
+       free(cmd_ctx->llm);
        cmd_ctx->llm = zmalloc(total_msg_size);
 
        if (cmd_ctx->llm == NULL) {
This page took 0.026527 seconds and 4 git commands to generate.