From 8494bda55cb1a09f5db0b57968fc3e84bd2981ea Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Thu, 22 Aug 2013 16:05:58 -0400
Subject: [PATCH] Fix: check UST float field mantissa length

Fixes #473

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David Goulet <dgoulet@efficios.com>
---
 src/bin/lttng-sessiond/ust-app.c      |  3 +-
 src/bin/lttng-sessiond/ust-registry.c | 70 +++++++++++++++++++++++++--
 src/bin/lttng-sessiond/ust-registry.h |  3 +-
 3 files changed, 71 insertions(+), 5 deletions(-)

diff --git a/src/bin/lttng-sessiond/ust-app.c b/src/bin/lttng-sessiond/ust-app.c
index 5c4dc5ae8..cf4b7ca77 100644
--- a/src/bin/lttng-sessiond/ust-app.c
+++ b/src/bin/lttng-sessiond/ust-app.c
@@ -4664,7 +4664,8 @@ static int add_event_ust_registry(int sock, int sobjd, int cobjd, char *name,
 	 */
 	ret_code = ust_registry_create_event(registry, chan_reg_key,
 			sobjd, cobjd, name, sig, nr_fields, fields, loglevel,
-			model_emf_uri, ua_sess->buffer_type, &event_id);
+			model_emf_uri, ua_sess->buffer_type, &event_id,
+			app);
 
 	/*
 	 * The return value is returned to ustctl so in case of an error, the
diff --git a/src/bin/lttng-sessiond/ust-registry.c b/src/bin/lttng-sessiond/ust-registry.c
index e22fc6fcf..65ba82c1b 100644
--- a/src/bin/lttng-sessiond/ust-registry.c
+++ b/src/bin/lttng-sessiond/ust-registry.c
@@ -23,6 +23,7 @@
 #include <lttng/lttng.h>
 
 #include "ust-registry.h"
+#include "ust-app.h"
 #include "utils.h"
 
 /*
@@ -71,16 +72,78 @@ static unsigned long ht_hash_event(void *_key, unsigned long seed)
 	return hash_key_u64(&xored_key, seed);
 }
 
+/*
+ * Return negative value on error, 0 if OK.
+ *
+ * TODO: we could add stricter verification of more types to catch
+ * errors in liblttng-ust implementation earlier than consumption by the
+ * trace reader.
+ */
+static
+int validate_event_field(struct ustctl_field *field,
+		const char *event_name,
+		struct ust_app *app)
+{
+	switch(field->type.atype) {
+	case ustctl_atype_integer:
+	case ustctl_atype_enum:
+	case ustctl_atype_array:
+	case ustctl_atype_sequence:
+	case ustctl_atype_string:
+		break;
+
+	case ustctl_atype_float:
+		switch (field->type.u.basic._float.mant_dig) {
+		case 0:
+			WARN("UST application '%s' (pid: %d) has unknown float mantissa '%u' "
+				"in field '%s', rejecting event '%s'",
+				app->name, app->pid,
+				field->type.u.basic._float.mant_dig,
+				field->name,
+				event_name);
+			return -EINVAL;
+		default:
+			break;
+		}
+		break;
+
+	default:
+		return -ENOENT;
+	}
+	return 0;
+}
+
+static
+int validate_event_fields(size_t nr_fields, struct ustctl_field *fields,
+		const char *event_name, struct ust_app *app)
+{
+	unsigned int i;
+
+	for (i = 0; i < nr_fields; i++) {
+		if (validate_event_field(&fields[i], event_name, app) < 0)
+			return -EINVAL;
+	}
+	return 0;
+}
+
 /*
  * Allocate event and initialize it. This does NOT set a valid event id from a
  * registry.
  */
 static struct ust_registry_event *alloc_event(int session_objd,
 		int channel_objd, char *name, char *sig, size_t nr_fields,
-		struct ustctl_field *fields, int loglevel, char *model_emf_uri)
+		struct ustctl_field *fields, int loglevel, char *model_emf_uri,
+		struct ust_app *app)
 {
 	struct ust_registry_event *event = NULL;
 
+	/*
+	 * Ensure that the field content is valid.
+	 */
+	if (validate_event_fields(nr_fields, fields, name, app) < 0) {
+		return NULL;
+	}
+
 	event = zmalloc(sizeof(*event));
 	if (!event) {
 		PERROR("zmalloc ust registry event");
@@ -185,7 +248,8 @@ end:
 int ust_registry_create_event(struct ust_registry_session *session,
 		uint64_t chan_key, int session_objd, int channel_objd, char *name,
 		char *sig, size_t nr_fields, struct ustctl_field *fields, int loglevel,
-		char *model_emf_uri, int buffer_type, uint32_t *event_id_p)
+		char *model_emf_uri, int buffer_type, uint32_t *event_id_p,
+		struct ust_app *app)
 {
 	int ret;
 	uint32_t event_id;
@@ -222,7 +286,7 @@ int ust_registry_create_event(struct ust_registry_session *session,
 	}
 
 	event = alloc_event(session_objd, channel_objd, name, sig, nr_fields,
-			fields, loglevel, model_emf_uri);
+			fields, loglevel, model_emf_uri, app);
 	if (!event) {
 		ret = -ENOMEM;
 		goto error_free;
diff --git a/src/bin/lttng-sessiond/ust-registry.h b/src/bin/lttng-sessiond/ust-registry.h
index a82aeb208..f195b7447 100644
--- a/src/bin/lttng-sessiond/ust-registry.h
+++ b/src/bin/lttng-sessiond/ust-registry.h
@@ -225,7 +225,8 @@ void ust_registry_session_destroy(struct ust_registry_session *session);
 int ust_registry_create_event(struct ust_registry_session *session,
 		uint64_t chan_key, int session_objd, int channel_objd, char *name,
 		char *sig, size_t nr_fields, struct ustctl_field *fields, int loglevel,
-		char *model_emf_uri, int buffer_type, uint32_t *event_id_p);
+		char *model_emf_uri, int buffer_type, uint32_t *event_id_p,
+		struct ust_app *app);
 struct ust_registry_event *ust_registry_find_event(
 		struct ust_registry_channel *chan, char *name, char *sig);
 void ust_registry_destroy_event(struct ust_registry_channel *chan,
-- 
2.34.1