Fix: sessiond: null pointer dereference on initial evaluation of session

Coverity reports:
1490492 Dereference after null check
Either the check against null is unnecessary, or there may be a null
pointer dereference.

In evaluate_session_condition(lttng_condition const *, session_info const *, session_state_sample const *, lttng_evaluation **): Pointer is checked against null but then dereferenced anyway (CWE-476)

This function is used to evaluate the initial state of a session and its
transitions against a given condition.

In the case of an initial evaluation, the wrong state sample is used
which results in a null dereference.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: Ia465e26d2bf0dae725504915fa62332ecf8c7784

diff --git a/src/bin/lttng-sessiond/notification-thread-events.cpp b/src/bin/lttng-sessiond/notification-thread-events.cpp
index 43879c99fe8957d021e2dacbb2218997cd3c73d8..6fb691be59f91d54e3c9107731ee9ee560670e30 100644 (file)
--- a/src/bin/lttng-sessiond/notification-thread-events.cpp
+++ b/src/bin/lttng-sessiond/notification-thread-events.cpp
@@ -1107,13 +1107,12 @@ int evaluate_session_condition(
        }
        case LTTNG_CONDITION_TYPE_SESSION_ROTATION_COMPLETED:
        {
-               const auto rotation_id = new_state ?
-                               new_state->rotation.id :
-                                     session_info->last_state_sample.rotation.id;
+               const auto& sample = new_state ? *new_state : session_info->last_state_sample;
+               const auto rotation_id = sample.rotation.id;
 
                /* Callee acquires a reference to location. */
                *evaluation = lttng_evaluation_session_rotation_completed_create(
-                               rotation_id, new_state->rotation.location);
+                               rotation_id, sample.rotation.location);
                break;
        }
        case LTTNG_CONDITION_TYPE_SESSION_CONSUMED_SIZE: