[lttng-dev] [RFC PATCH v2 babeltrace] Fix: Double free when calling bt_context_remove_trace().
Jérémie Galarneau
jeremie.galarneau at efficios.com
Mon Jan 21 10:58:12 EST 2013

ctf_close_trace was being called twice when calling bt_context_remove_trace thus
causing free() to be called on an invalid pointer.

Calling bt_context_remove_trace() would call ctf_close_trace() once via the
close_handle callback registered on the ctf format struct and a second call would
take place from bt_trace_handle_destroy() which is registered as the
value_destroy_func on the trace_handles hash table of the current context.

bt_trace_handle_destroy() now only deallocates the trace handle and does not
perform the trace closing. This makes the bt_trace_handle_create/destroy and
bt_context_add/remove_trace parts of the public API symmetric.

The crash is reproducible by invoking the tests-python.py script.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau at efficios.com>
---
lib/trace-handle.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/trace-handle.c b/lib/trace-handle.c
index 0da565b..455e440 100644
--- a/lib/trace-handle.c
+++ b/lib/trace-handle.c
@@ -49,7 +49,6 @@ struct bt_trace_handle *bt_trace_handle_create(struct bt_context *ctx)
void bt_trace_handle_destroy(struct bt_trace_handle *th)
{
- th->format->close_trace(th->td);
g_free(th);
}
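
Review bot: With the `th->format->close_trace(th->td);` line gone from `bt_trace_handle_destroy()`, any path that destroys a handle without first going through the `close_handle` callback now leaves `th->td` open, trading the double free for a possible leak. The commit message says this function is the `value_destroy_func` of the `trace_handles` hash table, so every way an entry can leave that table (context teardown as well as `bt_context_remove_trace()`) needs to close the trace before the entry is removed; only the remove path is described here, so please confirm the others. Since the message also calls this part of the public API, a comment above `bt_trace_handle_destroy()` stating that it frees the handle only and that the caller owns closing the trace would keep external callers from relying on the old behaviour. A regression test that adds and removes a trace under a memory checker would also cover the crash in a more targeted way than running the whole tests-python.py script.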
--
1.8.1.1