Fix: bytecode linker: validate event and field array/sequence encoding

The bytecode linker should only allow linking filter expressions loading
fields which are string-encoded arrays and sequence for comparison
against a string, and reject arrays and sequences without encoding, so
the filter interpreter does not attempt to load non-NULL terminated
arrays/sequences as if they were strings.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I7e0d42dc53738f36af372b4352c44bc1fff916d1

diff --git a/liblttng-ust/lttng-bytecode.c b/liblttng-ust/lttng-bytecode.c
index 3fe50c36e707599d79b6e13b41de4fe5444e0bde..d4161fc3b451e0973af95729e823b08431ed9756 100644 (file)
--- a/liblttng-ust/lttng-bytecode.c
+++ b/liblttng-ust/lttng-bytecode.c
@@ -244,9 +244,23 @@ int apply_field_reloc(const struct lttng_ust_event_desc *event_desc,
                        op->op = BYTECODE_OP_LOAD_FIELD_REF_S64;
                        break;
                case lttng_ust_type_array:
+               {
+                       struct lttng_ust_type_array *array = (struct lttng_ust_type_array *) field->type;
+
+                       if (array->encoding == lttng_ust_string_encoding_none)
+                               return -EINVAL;
+                       op->op = BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE;
+                       break;
+               }
                case lttng_ust_type_sequence:
+               {
+                       struct lttng_ust_type_sequence *sequence = (struct lttng_ust_type_sequence *) field->type;
+
+                       if (sequence->encoding == lttng_ust_string_encoding_none)
+                               return -EINVAL;
                        op->op = BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE;
                        break;
+               }
                case lttng_ust_type_string:
                        op->op = BYTECODE_OP_LOAD_FIELD_REF_STRING;
                        break;
@@ -316,10 +330,26 @@ int apply_context_reloc(struct bytecode_runtime *runtime,
                case lttng_ust_type_enum:
                        op->op = BYTECODE_OP_GET_CONTEXT_REF_S64;
                        break;
-                       /* Sequence and array supported as string */
-               case lttng_ust_type_string:
+                       /* Sequence and array supported only as string */
                case lttng_ust_type_array:
+               {
+                       struct lttng_ust_type_array *array = (struct lttng_ust_type_array *) ctx_field->event_field->type;
+
+                       if (array->encoding == lttng_ust_string_encoding_none)
+                               return -EINVAL;
+                       op->op = BYTECODE_OP_GET_CONTEXT_REF_STRING;
+                       break;
+               }
                case lttng_ust_type_sequence:
+               {
+                       struct lttng_ust_type_sequence *sequence = (struct lttng_ust_type_sequence *) ctx_field->event_field->type;
+
+                       if (sequence->encoding == lttng_ust_string_encoding_none)
+                               return -EINVAL;
+                       op->op = BYTECODE_OP_GET_CONTEXT_REF_STRING;
+                       break;
+               }
+               case lttng_ust_type_string:
                        op->op = BYTECODE_OP_GET_CONTEXT_REF_STRING;
                        break;
                case lttng_ust_type_float: