Fix: lttng: add-trigger: invalid access past end of exclusions buffer
The following command causes the `lttng` client to SEGFAULT on 32-bit
machines:
lttng add-trigger \
--condition event-rule-matches --domain=user \
'--name=jean-*' \
--exclude-name jean-chretien -x jean-charest \
--action notify
Running with valgrind results in the following report:
Invalid read of size 8
at 0x12EEA4: validate_exclusion_list (enable_events.c:354)
by 0x149018: parse_event_rule (add_trigger.c:964)
by 0x148356: handle_condition_event (add_trigger.c:1222)
by 0x147EC3: parse_condition (add_trigger.c:1300)
by 0x147702: cmd_add_trigger (add_trigger.c:2107)
by 0x154067: handle_command (lttng.c:237)
by 0x1534D1: parse_args (lttng.c:426)
by 0x152C54: main (lttng.c:475)
validate_exclusion_list expects a NULL terminated array of exclusions
while handle_condition_event prepares an array of exclusions using
the dynamic pointer array facilities (which doesn't need to
null-terminate arrays).
The code that deals with exclusions "lists" mixes various conventions
(null-terminated vs explicit size) in different places leading to this
kind of errors.
All the code that references exclusion lists, along with the string
utils, are adapted to make use of the common dynamic pointer array
facilities.
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: Icbb7f0e8601c7ecc887dc9ae64d0ec6390e6aba3
12 files changed:
This page took 0.026634 seconds and 4 git commands to generate.