[lttng-dev] [PATCH lttng-tools] Fix: Memory leak on error paths of relay_add_stream

[Christian Babeux]

On error paths the memory allocated for stream is never freed.

Also, fix undefined behavior on asprintf alloc failure. According to
asprintf(3), the content of the pointer passed to it is undefined if
an alloc failure occurs, so we could end up freeing a pointer in an
undefined state. Force its value to NULL.

Signed-off-by: Christian Babeux <christian.babeux at efficios.com>
---
 src/bin/lttng-relayd/main.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/bin/lttng-relayd/main.c b/src/bin/lttng-relayd/main.c
index 4f9d742..00b7ea3 100644
--- a/src/bin/lttng-relayd/main.c
+++ b/src/bin/lttng-relayd/main.c
@@ -941,6 +941,7 @@ int relay_add_stream(struct lttcomm_relayd_hdr *recv_hdr,
 	ret = asprintf(&path, "%s/%s", root_path, stream_info.channel_name);
 	if (ret < 0) {
 		PERROR("asprintf stream path");
+		path = NULL;
 		goto end;
 	}
 
@@ -963,13 +964,17 @@ int relay_add_stream(struct lttcomm_relayd_hdr *recv_hdr,
 end:
 	free(path);
 	free(root_path);
+
+	reply.handle = htobe64(stream->stream_handle);
 	/* send the session id to the client or a negative return code on error */
 	if (ret < 0) {
 		reply.ret_code = htobe32(LTTNG_ERR_UNK);
+		/* stream was not properly added to the ht, so free it */
+		free(stream);
 	} else {
 		reply.ret_code = htobe32(LTTNG_OK);
 	}
-	reply.handle = htobe64(stream->stream_handle);
+
 	send_ret = cmd->sock->ops->sendmsg(cmd->sock, &reply,
 			sizeof(struct lttcomm_relayd_status_stream), 0);
 	if (send_ret < 0) {
-- 
1.8.1.3