Fix: sessiond: use of uninitialized memory in buffer-usage condition
Issue
=====
valgrind reports the following:
==436327== Thread 9 Client manageme:
==436327== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==436327== at 0x51E418D: __libc_sendmsg (sendmsg.c:28)
==436327== by 0x51E418D: sendmsg (sendmsg.c:25)
==436327== by 0x20D436: lttcomm_send_unix_sock (unix.c:294)
==436327== by 0x186F08: send_unix_sock (client.c:895)
==436327== by 0x18BAFA: thread_manage_clients (client.c:2800)
==436327== by 0x18147D: launch_thread (thread.c:66)
==436327== by 0x51D8608: start_thread (pthread_create.c:477)
==436327== by 0x5314292: clone (clone.S:95)
==436327== Address 0x7540ec1 is 97 bytes inside a block of size 256 alloc'd
==436327== at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==436327== by 0x1E7556: lttng_dynamic_buffer_set_capacity (dynamic-buffer.c:166)
==436327== by 0x1E72FC: lttng_dynamic_buffer_append (dynamic-buffer.c:55)
==436327== by 0x1DE604: lttng_condition_buffer_usage_serialize (buffer-usage.c:123)
==436327== by 0x1DFF47: lttng_condition_serialize (condition.c:98)
==436327== by 0x20ACD0: lttng_trigger_serialize (trigger.c:328)
==436327== by 0x189EBE: process_client_msg (client.c:2258)
==436327== by 0x18B761: thread_manage_clients (client.c:2742)
==436327== by 0x18147D: launch_thread (thread.c:66)
==436327== by 0x51D8608: start_thread (pthread_create.c:477)
==436327== by 0x5314292: clone (clone.S:95)
This can be reproduced by running the sessiond under valgrind and
launching the following binary to register buffer-usage conditions:
./tests/regression/tools/trigger/utils/register-some-triggers test_buffer_usage_conditions
The valgrind report is pointing us toward the `struct
lttng_condition_buffer_usage_comm` stack allocation in the
`lttng_condition_buffer_usage_serialize()` function.
The actual issue is that the threshold_bytes/threshold_ratio will not be
initialized in that structure depending on the way the threshold is
expressed.
Fix
===
Make sure the struct is zeroed at the declaration site.
Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I2046f4e0e1d857cfd1a53e0c13aea55f17adada3
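The pattern behind this fix, as an added illustration that is not LTTng's own code: `buffer_usage_comm` is an assumed, simplified stand-in for `struct lttng_condition_buffer_usage_comm`, and the two serialize functions and the check helper are hypothetical names. It places the pre-fix, partially filled stack struct beside the zeroed one, and adds a check that the threshold field which was not set reaches the send buffer as zeros.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Assumed, simplified stand-in for the wire struct; the real one has more fields. */
struct buffer_usage_comm {
	uint8_t  threshold_set_in_bytes; /* 1: threshold_bytes valid, 0: threshold_ratio valid */
	uint64_t threshold_bytes;
	double   threshold_ratio;
};
/* BEFORE the fix: no initialiser, so the unused threshold field (and any padding)
 * keeps stale stack bytes that memcpy() copies into the message: what valgrind
 * flagged. Reading those bytes is undefined behaviour; shown for contrast only. */
size_t serialize_uninitialised(bool in_bytes, uint64_t bytes, double ratio, uint8_t *out)
{
	struct buffer_usage_comm comm;
	comm.threshold_set_in_bytes = in_bytes;
	if (in_bytes)
		comm.threshold_bytes = bytes;
	else
		comm.threshold_ratio = ratio;
	memcpy(out, &comm, sizeof(comm));
	return sizeof(comm);
}
/* AFTER the fix: zero the whole struct at its declaration site. memset() also
 * clears padding bytes, so every byte that reaches the wire is defined. */
size_t serialize_zeroed(bool in_bytes, uint64_t bytes, double ratio, uint8_t *out)
{
	struct buffer_usage_comm comm;
	memset(&comm, 0, sizeof(comm));
	comm.threshold_set_in_bytes = in_bytes;
	if (in_bytes)
		comm.threshold_bytes = bytes;
	else
		comm.threshold_ratio = ratio;
	memcpy(out, &comm, sizeof(comm));
	return sizeof(comm);
}
/* Check: true if every byte of the threshold field that was NOT set is zero,
 * i.e. nothing from the stack leaked into the serialized message. */
bool unused_threshold_is_zero(const uint8_t *msg, bool in_bytes)
{
	size_t off = in_bytes ? offsetof(struct buffer_usage_comm, threshold_ratio)
			      : offsetof(struct buffer_usage_comm, threshold_bytes);
	size_t len = in_bytes ? sizeof(double) : sizeof(uint64_t);
	for (size_t i = 0; i < len; i++)
		if (msg[off + i] != 0)
			return false;
	return true;
}
```

Running the zeroed variant under valgrind produces no "uninitialised byte(s)" report for the copied buffer, which is the observable difference the commit describes.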