[lttng-dev] [RFC PATCH v2 babeltrace] Fix: Double free when calling bt_context_remove_trace().

Jérémie Galarneau jeremie.galarneau at efficios.com
Mon Jan 21 10:58:12 EST 2013


ctf_close_trace was being called twice when calling bt_context_remove_trace thus
causing free() to be called on an invalid pointer.

Calling bt_context_remove_trace() would call ctf_close_trace() once via the
close_handle callback registered on the ctf format struct and a second call would
take place from bt_trace_handle_destroy() which is registered as the
value_destroy_func on the trace_handles hash table of the current context.

bt_trace_handle_destroy() now only deallocates the trace handle and does not
perform the trace closing. This makes the bt_trace_handle_create/destroy and
bt_context_add/remove_trace parts of the public API symmetric.

The crash is reproducible by invoking the tests-python.py script.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau at efficios.com>
---
 lib/trace-handle.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/trace-handle.c b/lib/trace-handle.c
index 0da565b..455e440 100644
--- a/lib/trace-handle.c
+++ b/lib/trace-handle.c
@@ -49,7 +49,6 @@ struct bt_trace_handle *bt_trace_handle_create(struct bt_context *ctx)
 
 void bt_trace_handle_destroy(struct bt_trace_handle *th)
 {
-	th->format->close_trace(th->td);
 	g_free(th);
 }
 
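Review bot: with the `close_trace()` call dropped from `bt_trace_handle_destroy()`, any path that destroys a handle without going through `bt_context_remove_trace()` now leaves the trace open. The commit message says this function is the `value_destroy_func` of the context's `trace_handles` hash table, so if the table is destroyed while it still holds entries (for example at context teardown), those handles are freed without `th->format->close_trace(th->td)` ever running. Please confirm that the context teardown path removes each remaining trace through `bt_context_remove_trace()` or closes it explicitly before the table is destroyed. Since the function's contract changes, a short comment above `bt_trace_handle_destroy()` stating that it only frees the handle and that the caller is responsible for closing the trace would help API users. A regression test that adds and removes a trace and then destroys the context would cover both the double free and the possible leak.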
-- 
1.8.1.1