From 08b6e8e8fc5a349c0d0295b2bd33d374218ed551 Mon Sep 17 00:00:00 2001
From: Julien Desfossez
Date: Fri, 26 May 2017 15:41:48 -0400
Subject: [PATCH] Fix debug-info: prevent invalid access in the original event_context
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Julien Desfossez
Signed-off-by: Jérémie Galarneau
---
 plugins/lttng-utils/copy.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/plugins/lttng-utils/copy.c b/plugins/lttng-utils/copy.c
index 68ea1237..482f372a 100644
--- a/plugins/lttng-utils/copy.c
+++ b/plugins/lttng-utils/copy.c
@@ -1245,7 +1245,8 @@ int copy_set_debug_info_stream_event_context(FILE *err,
 struct debug_info *debug_info,
 struct debug_info_component *component)
 {
- struct bt_ctf_field_type *writer_event_context_type = NULL;
+ struct bt_ctf_field_type *writer_event_context_type = NULL,
+ *event_context_type = NULL;
 struct bt_ctf_field *writer_event_context = NULL;
 struct bt_ctf_field *field = NULL, *copy_field = NULL, *debug_field = NULL;
 struct bt_ctf_field_type *field_type = NULL;
@@ -1265,6 +1266,13 @@ int copy_set_debug_info_stream_event_context(FILE *err,
 goto error;
 }

+ event_context_type = bt_ctf_field_get_type(event_context);
+ if (!event_context_type) {
+ fprintf(err, "[error] %s in %s:%d\n", __func__,
+ __FILE__, __LINE__);
+ goto error;
+ }
+
 /*
 * If it is not a structure, we did not modify it to add the debug info
 * fields, so just assign it as is.
@@ -1287,12 +1295,15 @@ int copy_set_debug_info_stream_event_context(FILE *err,
 goto error;
 }

- field = bt_ctf_field_structure_get_field_by_index(event_context, i);
+ /*
+ * Prevent illegal access in the event_context.
+ */
+ if (i < bt_ctf_field_type_structure_get_field_count(event_context_type)) {
+ field = bt_ctf_field_structure_get_field_by_index(event_context, i);
+ }
 /*
 * The debug_info field, only exists in the writer event or
 * if it was set by a earlier pass of the debug_info plugin.
- *
- * FIXME: are we replacing an exisiting debug_info struct here ??
 */
 if (!strcmp(field_name, component->arg_debug_info_field_name) &&
 !field) {
@@ -1338,6 +1349,7 @@ int copy_set_debug_info_stream_event_context(FILE *err,
 error:
 ret = -1;
 end:
+ bt_put(event_context_type);
 bt_put(writer_event_context_type);
 bt_put(writer_event_context);
 bt_put(field);
-- 
2.34.1
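Review bot: When the new guard `i < bt_ctf_field_type_structure_get_field_count(event_context_type)` is false, `field` is simply left unassigned, so the `!field` test a few lines below only works if `field` is already NULL at that point; nothing in this hunk resets it, and the loop body continues outside the hunk. Writing `field = NULL;` immediately before the `if` would make the out-of-range case explicit instead of depending on cleanup done by the previous iteration. The count is also queried on every iteration and compared without checking for failure: if the call can return a negative value on error (presumably it can, to be confirmed against the API), that error is indistinguishable from "field not present in the original context". Fetching the count once before the loop and taking the usual `[error]` path on a negative result would keep an API failure from being handled as a missing field.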