Fix: do not repurpose iterator while it is being used
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 12 Dec 2018 22:37:54 +0000 (17:37 -0500)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Mon, 21 Jan 2019 21:29:26 +0000 (16:29 -0500)
The hash table iteration uses an iterator that needs to stay valid for
the next loop. Using that same iterator variable in a nested lookup in a
different hash table leads to segmentation fault.

This is a 2.10-specific instance of the issue affecting
bind_trigger_to_matching_channels() which was found in the
master and 2.11 branches. This one affects
handle_notification_thread_command_register_trigger().

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/notification-thread-events.c

index 6777fd6dd1f3b34f228981bd4b9aaf30a27dd07e..f54141e73b2a14341b1bd1610db5e8400daeb530 100644 (file)
@@ -1119,6 +1119,7 @@ int handle_notification_thread_command_register_trigger(
                        channels_ht_node) {
                struct lttng_trigger_list_element *trigger_list_element;
                struct lttng_channel_trigger_list *trigger_list;
+               struct cds_lfht_iter lookup_iter;
 
                if (!trigger_applies_to_channel(trigger, channel)) {
                        continue;
@@ -1128,8 +1129,8 @@ int handle_notification_thread_command_register_trigger(
                                hash_channel_key(&channel->key),
                                match_channel_trigger_list,
                                &channel->key,
-                               &iter);
-               node = cds_lfht_iter_get_node(&iter);
+                               &lookup_iter);
+               node = cds_lfht_iter_get_node(&lookup_iter);
                assert(node);
                trigger_list = caa_container_of(node,
                                struct lttng_channel_trigger_list,
This page took 0.027776 seconds and 4 git commands to generate.