From a3a75bf4721736ec16c30ee70de95e773fedf53b Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Mon, 3 Feb 2020 14:34:53 -0500 Subject: [PATCH] Fix: trace-chunk: dereference after NULL check MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit old_path is used directly even though it is checked for NULL. The situation highlighted by Coverity does not appear to be possible given the current use of the API. However, it should still be checked to catch future errors (or current bugs). 1412200 Dereference after null check Either the check against null is unnecessary, or there may be a null pointer dereference. In lttng_trace_chunk_rename_path_no_lock: Pointer is checked against null but then dereferenced anyway (CWE-476) Reported-by: Coverity Scan Signed-off-by: Jérémie Galarneau Change-Id: I991231cc636eaed98cb84eec08a5072748ff9ef4 --- src/common/trace-chunk.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/common/trace-chunk.c b/src/common/trace-chunk.c index f909a682f..ea952220b 100644 --- a/src/common/trace-chunk.c +++ b/src/common/trace-chunk.c @@ -859,7 +859,7 @@ enum lttng_trace_chunk_status lttng_trace_chunk_rename_path_no_lock( */ chunk->chunk_directory = rename_directory; rename_directory = NULL; - } else { + } else if (old_path) { size_t i, count = lttng_dynamic_pointer_array_get_count( &chunk->top_level_directories); const bool reference_acquired = lttng_directory_handle_get( @@ -908,6 +908,10 @@ enum lttng_trace_chunk_status lttng_trace_chunk_rename_path_no_lock( ret = -1; goto end; } + } else { + /* Unexpected !old_path && !path. */ + status = LTTNG_TRACE_CHUNK_STATUS_INVALID_ARGUMENT; + goto end; } skip_move: -- 2.34.1
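Review bot: At `} else if (old_path) {` in the first hunk, the condition only makes sense once the reader knows which `path`/`old_path` combinations the earlier arms already consumed, and none of that is visible at this point in the chain. Going by the comment in the new final arm (`!old_path && !path`), this arm is the "old_path set, path unset" case; a one-line comment saying so at the condition would keep the chain readable and make it obvious that the body's use of `old_path` is now guarded.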
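Review bot: The new final `else` arm in the second hunk fails silently: it sets `status = LTTNG_TRACE_CHUNK_STATUS_INVALID_ARGUMENT` and jumps to `end` without logging. Since the commit message says the check exists to catch future errors or current bugs, an error log line naming the function and the unexpected `!old_path && !path` state would make a hit diagnosable. Also note that the failure path just above it sets `ret = -1` before `goto end` while this arm sets only `status`; please confirm that `end` produces the return value from `status` on both paths and releases whatever was acquired before this point (for example `rename_directory`).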