A corrupted index file can carry a packet index length of 0, which
results in a division by zero when computing the index
entry count.
Program terminated with signal SIGFPE, Arithmetic exception.
#0 0x00007f6ecbd44978 in build_index_from_idx_file (ds_file=0x561ade51ca00, file_info=0x561ade51d000,
msg_iter=0x561ade51cd00) at data-stream-file.c:640
640 file_entry_count = (filesize - sizeof(*header)) / file_index_entry_size;
The index packet length is checked against the smallest valid size:
the size of an index entry as of the 1.0 CTF index version.
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I83c705575d55f3b56ae413d1ce5ae0fc60121f2c
Reviewed-on: https://review.lttng.org/c/babeltrace/+/3606
Tested-by: jenkins <jenkins@lttng.org>
Reviewed-by: Philippe Proulx <eeppeliteloop@gmail.com>
}
file_index_entry_size = be32toh(header->packet_index_len);
+ if (file_index_entry_size < CTF_INDEX_1_0_SIZE) {
+ BT_COMP_LOGW("Invalid `packet_index_len` in LTTng trace index file (`packet_index_len` < CTF index 1.0 index entry size): "
+ "packet_index_len=%zu, CTF_INDEX_1_0_SIZE=%zu",
+ file_index_entry_size, CTF_INDEX_1_0_SIZE);
+ goto error;
+ }
+
file_entry_count = (filesize - sizeof(*header)) / file_index_entry_size;
if ((filesize - sizeof(*header)) % file_index_entry_size) {
BT_COMP_LOGW("Invalid LTTng trace index: the index's size after the header "
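Review bot: The new lower bound on `file_index_entry_size` stops the SIGFPE, but it is the 1.0 entry size regardless of the minor version the header announces, so a 1.1 index declaring an entry size between `CTF_INDEX_1_0_SIZE` and `sizeof(struct ctf_packet_index)` passes the guard; the entry-reading code is not in the hunk, so it presumably must read `stream_instance_id`/`packet_seq_num` only when the announced size covers them, which is worth stating next to the check, e.g. `/* The 1.0 entry size is the floor for every version; 1.1-only fields are valid only if file_index_entry_size covers them. */`. The message's `%zu` conversions assume `file_index_entry_size` is a `size_t`; if it keeps the `uint32_t` that `be32toh()` returns, the format does not match and needs `PRIu32` or a cast to `size_t`. The `filesize - sizeof(*header)` expressions on the following lines still rely on an earlier check, outside the hunk, that `filesize` is at least the header size, otherwise the subtraction wraps before the division. `build_index_from_idx_file` starts and ends outside the hunk.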
#ifndef LTTNG_INDEX_H
#define LTTNG_INDEX_H
+#include <stddef.h>
#include "compat/limits.h"
#define CTF_INDEX_MAGIC 0xC1F1DCC1
#define CTF_INDEX_MAJOR 1
#define CTF_INDEX_MINOR 1
+#define CTF_INDEX_1_0_SIZE offsetof(struct ctf_packet_index, stream_instance_id)
/*
* Header at the beginning of each index file.