projects / babeltrace.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e69dd25)
Fix ctf-writer: possible use after free
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 29 Nov 2013 18:26:42 +0000 (13:26 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Sun, 1 Dec 2013 01:58:27 +0000 (02:58 +0100)
ctf_stream_pos' base_mma member must be copied from stream->pos before
updating the final packet and content sizes. The original base_mma
structure will be reallocated if the packet is resized.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
formats/ctf/writer/stream.c patch | blob | blame | history

diff --git a/formats/ctf/writer/stream.c b/formats/ctf/writer/stream.c
index ac8942972ef71e71678b85f41e953f117eb1b9be..4efb369213cbbe7638b5ceaf1a473a38a0c5312f 100644 (file)
--- a/formats/ctf/writer/stream.c
+++ b/formats/ctf/writer/stream.c
@@ -464,7 +464,10 @@ int bt_ctf_stream_flush(struct bt_ctf_stream *stream)
        /*
         * Update the packet total size and content size and overwrite the
         * packet context.
+        * Copy base_mma as the packet may have been remapped (e.g. when a
+        * packet is resized).
         */
+       packet_context_pos.base_mma = stream->pos.base_mma;
        ret = set_structure_field_integer(stream_class->packet_context,
                "content_size", stream->pos.offset);
        if (ret) {
BabelTrace - Trace Format Babel Tower
This page took 0.024885 seconds and 4 git commands to generate.