Fix: sessiond: NULL pointer dereference after NULL check
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 27 Mar 2020 15:27:13 +0000 (11:27 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 27 Mar 2020 16:51:29 +0000 (12:51 -0400)
The process attribute value deserialization allows the buffer view to
be NULL when the value's type is not USER_NAME nor GROUP_NAME. This is
not checked when ensuring that no string is passed (len == 0) in the
case of integral values.

A NULL check is added to the condition.

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I343f747c325f739196284dadd3c407cfb4084268

src/common/tracker.c

index 0f69c775b75f6d1c08e213fa547bcbbf5feb7daa..e4aae431d19a4896c818267c4ab781c0b85bac08 100644 (file)
@@ -106,7 +106,8 @@ enum lttng_error_code process_attr_value_from_comm(
        if (is_value_type_name(value_type) && value_view->size == 0) {
                ret = LTTNG_ERR_INVALID_PROTOCOL;
                goto error;
-       } else if (!is_value_type_name(value_type) && value_view->size != 0) {
+       } else if (!is_value_type_name(value_type) && value_view &&
+                       value_view->size != 0) {
                ret = LTTNG_ERR_INVALID_PROTOCOL;
                goto error;
        }
This page took 0.027142 seconds and 4 git commands to generate.