Fix: flt.lttng-utils.debug-info: note name memcmp() overflow

[babeltrace.git] / plugins / lttng-utils / debug-info / bin-info.c

diff --git a/plugins/lttng-utils/debug-info/bin-info.c b/plugins/lttng-utils/debug-info/bin-info.c
index f861b2ed78966aeb56118bf583dc4a85884156d3..280462906b8192cd8e98ea6f84eb1adde02cea80 100644 (file)
--- a/plugins/lttng-utils/debug-info/bin-info.c
+++ b/plugins/lttng-utils/debug-info/bin-info.c
@@ -251,8 +251,18 @@ int is_build_id_note_section(uint8_t *buf)
         * - Note type
         */
        name_sz = (uint32_t) *buf;
+
+       /*
+        * Check the note name length. The name_sz field includes the
+        * terminating null byte.
+        */
+       if (name_sz != sizeof(BUILD_ID_NOTE_NAME)) {
+               goto invalid;
+       }
+
        buf += sizeof(name_sz);
 
+       /* Ignore the note description size. */
        buf += sizeof(desc_sz);
 
        note_type = (uint32_t) *buf;