Fix: sessiond: use of uninitialized memory in buffer-usage condition

Issue
=====

valgrind reports the following:
  ==436327== Thread 9 Client manageme:
  ==436327== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
  ==436327==    at 0x51E418D: __libc_sendmsg (sendmsg.c:28)
  ==436327==    by 0x51E418D: sendmsg (sendmsg.c:25)
  ==436327==    by 0x20D436: lttcomm_send_unix_sock (unix.c:294)
  ==436327==    by 0x186F08: send_unix_sock (client.c:895)
  ==436327==    by 0x18BAFA: thread_manage_clients (client.c:2800)
  ==436327==    by 0x18147D: launch_thread (thread.c:66)
  ==436327==    by 0x51D8608: start_thread (pthread_create.c:477)
  ==436327==    by 0x5314292: clone (clone.S:95)
  ==436327==  Address 0x7540ec1 is 97 bytes inside a block of size 256 alloc'd
  ==436327==    at 0x483DFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==436327==    by 0x1E7556: lttng_dynamic_buffer_set_capacity (dynamic-buffer.c:166)
  ==436327==    by 0x1E72FC: lttng_dynamic_buffer_append (dynamic-buffer.c:55)
  ==436327==    by 0x1DE604: lttng_condition_buffer_usage_serialize (buffer-usage.c:123)
  ==436327==    by 0x1DFF47: lttng_condition_serialize (condition.c:98)
  ==436327==    by 0x20ACD0: lttng_trigger_serialize (trigger.c:328)
  ==436327==    by 0x189EBE: process_client_msg (client.c:2258)
  ==436327==    by 0x18B761: thread_manage_clients (client.c:2742)
  ==436327==    by 0x18147D: launch_thread (thread.c:66)
  ==436327==    by 0x51D8608: start_thread (pthread_create.c:477)
  ==436327==    by 0x5314292: clone (clone.S:95)

This can be reproduce by running the sessiond under valgrind and
launching the following binary to register buffer-usage conditions:
  ./tests/regression/tools/trigger/utils/register-some-triggers test_buffer_usage_conditions

The valgrind report is pointing us toward the `struct
lttng_condition_buffer_usage_comm` stack allocation in the
`lttng_condition_buffer_usage_serialize()` function.

The actual issue is that the threshold_bytes/threshold_ratio will not be
initialized in that structure depending on the way the threshold is
expressed.

Fix
===

Make sure the struct is zeroed at the declaration site.

Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I2046f4e0e1d857cfd1a53e0c13aea55f17adada3

diff --git a/src/common/conditions/buffer-usage.c b/src/common/conditions/buffer-usage.c
index 54affe765d682378649d68fb3e20c2721bd5c4aa..cc9e9cde89aade3eb0a5059ca3fe628457fd1260 100644 (file)
--- a/src/common/conditions/buffer-usage.c
+++ b/src/common/conditions/buffer-usage.c
@@ -84,7 +84,7 @@ int lttng_condition_buffer_usage_serialize(
        int ret;
        struct lttng_condition_buffer_usage *usage;
        size_t session_name_len, channel_name_len;
-       struct lttng_condition_buffer_usage_comm usage_comm;
+       struct lttng_condition_buffer_usage_comm usage_comm = {};
 
        if (!condition || !IS_USAGE_CONDITION(condition)) {
                ret = -1;