Fix: lttng: out-of-bound copy of arguments in 'view' command handler
[lttng-tools.git] / src / bin / lttng / commands / view.c
index faca60de8b980adfe60afcb2ac68a7c202a65595..8e63a8997837079f2ef97a00ea9cfbe985f4a167 100644 (file)
@@ -188,7 +188,7 @@ static char **alloc_argv_from_local_opts(const char **opts, size_t opts_len,
                goto error;
        }
 
-       memcpy(argv, opts, size);
+       memcpy(argv, opts, sizeof(char *) * opts_len);
 
        if (session_live_mode) {
                argv[opts_len] = "-i";
@@ -302,6 +302,7 @@ static int view_trace(void)
        int ret;
        char *session_name, *trace_path = NULL;
        struct lttng_session *sessions = NULL;
+       bool free_trace_path = false;
 
        /*
         * Safety net. If lttng is suid at some point for *any* useless reasons,
@@ -379,6 +380,7 @@ static int view_trace(void)
                                ret = CMD_ERROR;
                                goto free_sessions;
                        }
+                       free_trace_path = true;
                } else {
                        /* Get file system session path. */
                        trace_path = sessions[i].path;
@@ -396,7 +398,7 @@ static int view_trace(void)
        }
 
 free_sessions:
-       if (session_live_mode) {
+       if (session_live_mode && free_trace_path) {
                free(trace_path);
        }
        free(sessions);
This page took 0.024451 seconds and 5 git commands to generate.