Fix: bytecode linker: iteration on wrong list head
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fri, 12 Mar 2021 14:36:46 +0000 (09:36 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fri, 12 Mar 2021 14:37:48 +0000 (09:37 -0500)
commita345f62132ac5b75d752af0741ac82da291f176d
treec19efee0d3bb5b512332b2815710fa13b2b39761
parentdd1ee9589c12b053ede875f28d6f235187dd8c4f
Fix: bytecode linker: iteration on wrong list head

lttng_enabler_link_bytecode() calls link_bytecode() passing an insertion
location (insert_loc) within the list. This insert location is meant to
be used as cursor position where to add the new element.

However, bytecode_is_linked() uses it as iteration list head, and this
is where things fall apart: it will thus consider the real list head as
being a list node, and will erroneously think that it is contained
within a struct lttng_bytecode_runtime, and thus try to perform possibly
out-of-bound read or read garbage data for the comparison.

It worked fine most of the time because in usual scenarios the insert
location is the list head. It falls apart when many bytecodes are linked
to a given event.

Fixes: 2dfda770cc6 ("Decouple `struct lttng_event` from filter code")
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I7463c7a9399b8f7f7d0e3d74e6427aae46cf56ff
src/lttng-bytecode.c
This page took 0.026315 seconds and 4 git commands to generate.