Fix: source.ctf.fs: 0-length packet index length causes SIGFPE

A corrupted index can present a 0-length packet index length
which will result in a division by 0 when computing the index
entry count.

Program terminated with signal SIGFPE, Arithmetic exception.
 #0  0x00007f6ecbd44978 in build_index_from_idx_file (ds_file=0x561ade51ca00, file_info=0x561ade51d000,
    msg_iter=0x561ade51cd00) at data-stream-file.c:640
640		file_entry_count = (filesize - sizeof(*header)) / file_index_entry_size;

The index packet length is checked against the smallest valid size:
the size of an index entry as of the 1.0 CTF index version.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I83c705575d55f3b56ae413d1ce5ae0fc60121f2c
Reviewed-on: https://review.lttng.org/c/babeltrace/+/3606
Tested-by: jenkins <jenkins@lttng.org>
Reviewed-by: Philippe Proulx <eeppeliteloop@gmail.com>

diff --git a/src/plugins/ctf/fs-src/data-stream-file.c b/src/plugins/ctf/fs-src/data-stream-file.c
index fe14f8cc3622d99fb0688ee894ff15d74d936b47..4fe807bb90791227ba0a68a8df4614a7248ac5a8 100644 (file)
--- a/src/plugins/ctf/fs-src/data-stream-file.c
+++ b/src/plugins/ctf/fs-src/data-stream-file.c
@@ -648,6 +648,13 @@ struct ctf_fs_ds_index *build_index_from_idx_file(
        }
 
        file_index_entry_size = be32toh(header->packet_index_len);
+       if (file_index_entry_size < CTF_INDEX_1_0_SIZE) {
+               BT_COMP_LOGW("Invalid `packet_index_len` in LTTng trace index file (`packet_index_len` < CTF index 1.0 index entry size): "
+                       "packet_index_len=%zu, CTF_INDEX_1_0_SIZE=%zu",
+                       file_index_entry_size, CTF_INDEX_1_0_SIZE);
+               goto error;
+       }
+
        file_entry_count = (filesize - sizeof(*header)) / file_index_entry_size;
        if ((filesize - sizeof(*header)) % file_index_entry_size) {
                BT_COMP_LOGW("Invalid LTTng trace index: the index's size after the header "

diff --git a/src/plugins/ctf/fs-src/lttng-index.h b/src/plugins/ctf/fs-src/lttng-index.h
index 237477196cfce32f001e48b51d72abde6982c900..70462e7b2e68e519e0c884d472a054bf0bc7f8c4 100644 (file)
--- a/src/plugins/ctf/fs-src/lttng-index.h
+++ b/src/plugins/ctf/fs-src/lttng-index.h
@@ -25,11 +25,13 @@
 #ifndef LTTNG_INDEX_H
 #define LTTNG_INDEX_H
 
+#include <stddef.h>
 #include "compat/limits.h"
 
 #define CTF_INDEX_MAGIC 0xC1F1DCC1
 #define CTF_INDEX_MAJOR 1
 #define CTF_INDEX_MINOR 1
+#define CTF_INDEX_1_0_SIZE offsetof(struct ctf_packet_index, stream_instance_id)
 
 /*
  * Header at the beginning of each index file.