From ef4ef75649a4f8484aa308ac7759bae9700f94e1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Mon, 1 Jun 2020 18:53:45 -0400
Subject: [PATCH] Fix: source.ctf.fs: 0-length packet index length causes SIGFPE
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

A corrupted index can present a 0-length packet index length which will result in a division by 0 when computing the index entry count.

Program terminated with signal SIGFPE, Arithmetic exception.
#0 0x00007f6ecbd44978 in build_index_from_idx_file (ds_file=0x561ade51ca00, file_info=0x561ade51d000, msg_iter=0x561ade51cd00) at data-stream-file.c:640
640 file_entry_count = (filesize - sizeof(*header)) / file_index_entry_size;

The index packet length is checked against the smallest valid size: the size of an index entry as of the 1.0 CTF index version.

Signed-off-by: Jérémie Galarneau
Change-Id: I83c705575d55f3b56ae413d1ce5ae0fc60121f2c
Reviewed-on: https://review.lttng.org/c/babeltrace/+/3606
Tested-by: jenkins
Reviewed-by: Philippe Proulx
---
 src/plugins/ctf/fs-src/data-stream-file.c | 7 +++++++
 src/plugins/ctf/fs-src/lttng-index.h | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/src/plugins/ctf/fs-src/data-stream-file.c b/src/plugins/ctf/fs-src/data-stream-file.c
index 69b0aec7..7d4ccf5a 100644
--- a/src/plugins/ctf/fs-src/data-stream-file.c
+++ b/src/plugins/ctf/fs-src/data-stream-file.c
@@ -632,6 +632,13 @@ struct ctf_fs_ds_index *build_index_from_idx_file(
 }
 
 file_index_entry_size = be32toh(header->packet_index_len);
+if (file_index_entry_size < CTF_INDEX_1_0_SIZE) {
+BT_COMP_LOGW("Invalid `packet_index_len` in LTTng trace index file (`packet_index_len` < CTF index 1.0 index entry size): "
+"packet_index_len=%zu, CTF_INDEX_1_0_SIZE=%zu",
+file_index_entry_size, CTF_INDEX_1_0_SIZE);
+goto error;
+}
+
 file_entry_count = (filesize - sizeof(*header)) / file_index_entry_size;
 if ((filesize - sizeof(*header)) % file_index_entry_size) {
 BT_COMP_LOGW("Invalid LTTng trace index: the index's size after the header "
diff --git a/src/plugins/ctf/fs-src/lttng-index.h b/src/plugins/ctf/fs-src/lttng-index.h
index 348a49c7..46eafa6b 100644
--- a/src/plugins/ctf/fs-src/lttng-index.h
+++ b/src/plugins/ctf/fs-src/lttng-index.h
@@ -9,11 +9,13 @@
 #ifndef LTTNG_INDEX_H
 #define LTTNG_INDEX_H
 
+#include
 #include "compat/limits.h"
 
 #define CTF_INDEX_MAGIC 0xC1F1DCC1
 #define CTF_INDEX_MAJOR 1
 #define CTF_INDEX_MINOR 1
+#define CTF_INDEX_1_0_SIZE offsetof(struct ctf_packet_index, stream_instance_id)
 
 /*
  * Header at the beginning of each index file.
-- 
2.34.1
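Review bot: The two `%zu` conversions in the added BT_COMP_LOGW call assume `file_index_entry_size` is a `size_t`; it is assigned from `be32toh()` one line above and its declaration is outside the hunk, so if it is actually a `uint32_t` or `uint64_t` the format does not match the argument, which is undefined behaviour under `-Wformat` rules — either cast it, `(size_t) file_index_entry_size`, or print it with the matching `PRIu32`/`PRIu64` macro. `CTF_INDEX_1_0_SIZE` expands to `offsetof()`, so `%zu` is correct for that argument. The new lower bound is what removes the division by zero on the `file_entry_count` line, and an oversized `packet_index_len` is still left to the existing modulo check below, so a one-line comment such as `/* Reject 0 and anything smaller than a 1.0 index entry; oversized values are caught by the remainder check below. */` would make the split of responsibilities clear. build_index_from_idx_file starts and ends outside the hunk.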
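Review bot: The new `CTF_INDEX_1_0_SIZE` macro has no comment explaining why `offsetof(struct ctf_packet_index, stream_instance_id)` is the size of a 1.0 entry, which a reader of the header cannot recover from the definition alone; the commit message gives the reason, so carry it into the header as `/* Size of a packet index entry in the 1.0 index format: every field before stream_instance_id. */`. The added `#include` line has lost its argument in this rendering; since the macro uses `offsetof`, it is presumably `<stddef.h>`, and that should be confirmed against the actual file. The macro expands lazily, so it is fine that `struct ctf_packet_index` is declared later in the header, but that is worth stating in the same comment so nobody reorders the definitions.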