Fix: sessiond: use of uninitialized memory in buffer-usage condition
authorFrancis Deslauriers <francis.deslauriers@efficios.com>
Tue, 25 May 2021 21:45:57 +0000 (17:45 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 26 May 2021 21:23:49 +0000 (17:23 -0400)
commitd33bfbbfb1850888fa4fa8edba0ac97c265df2bc
tree298c8c366565655148a357f49796464cc7dd7436
parentcb9222ff73524b91bee4f968613a78340a727a04
Fix: sessiond: use of uninitialized memory in buffer-usage condition

Issue
=====

valgrind reports the following:
  ==436327== Thread 9 Client manageme:
  ==436327== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
  ==436327==    at 0x51E418D: __libc_sendmsg (sendmsg.c:28)
  ==436327==    by 0x51E418D: sendmsg (sendmsg.c:25)
  ==436327==    by 0x20D436: lttcomm_send_unix_sock (unix.c:294)
  ==436327==    by 0x186F08: send_unix_sock (client.c:895)
  ==436327==    by 0x18BAFA: thread_manage_clients (client.c:2800)
  ==436327==    by 0x18147D: launch_thread (thread.c:66)
  ==436327==    by 0x51D8608: start_thread (pthread_create.c:477)
  ==436327==    by 0x5314292: clone (clone.S:95)
  ==436327==  Address 0x7540ec1 is 97 bytes inside a block of size 256 alloc'd
  ==436327==    at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==436327==    by 0x1E7556: lttng_dynamic_buffer_set_capacity (dynamic-buffer.c:166)
  ==436327==    by 0x1E72FC: lttng_dynamic_buffer_append (dynamic-buffer.c:55)
  ==436327==    by 0x1DE604: lttng_condition_buffer_usage_serialize (buffer-usage.c:123)
  ==436327==    by 0x1DFF47: lttng_condition_serialize (condition.c:98)
  ==436327==    by 0x20ACD0: lttng_trigger_serialize (trigger.c:328)
  ==436327==    by 0x189EBE: process_client_msg (client.c:2258)
  ==436327==    by 0x18B761: thread_manage_clients (client.c:2742)
  ==436327==    by 0x18147D: launch_thread (thread.c:66)
  ==436327==    by 0x51D8608: start_thread (pthread_create.c:477)
  ==436327==    by 0x5314292: clone (clone.S:95)

This can be reproduce by running the sessiond under valgrind and
launching the following binary to register buffer-usage conditions:
  ./tests/regression/tools/trigger/utils/register-some-triggers test_buffer_usage_conditions

The valgrind report is pointing us toward the `struct
lttng_condition_buffer_usage_comm` stack allocation in the
`lttng_condition_buffer_usage_serialize()` function.

The actual issue is that the threshold_bytes/threshold_ratio will not be
initialized in that structure depending on the way the threshold is
expressed.

Fix
===

Make sure the struct is zeroed at the declaration site.

Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I2046f4e0e1d857cfd1a53e0c13aea55f17adada3
src/common/conditions/buffer-usage.c
This page took 0.025853 seconds and 4 git commands to generate.