From: Mathieu Desnoyers Date: Mon, 22 Mar 2021 18:35:53 +0000 (-0400) Subject: Fix: bytecode linker: validate event and field array/sequence encoding X-Git-Tag: v2.11.9~14 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=5f7779c5265d15bd087fde0b2694249e11ea9472;p=lttng-modules.git Fix: bytecode linker: validate event and field array/sequence encoding The bytecode linker should only allow linking filter expressions loading fields which are string-encoded arrays and sequence for comparison against a string, and reject arrays and sequences without encoding, so the filter interpreter does not attempt to load non-NULL terminated arrays/sequences as if they were strings. Signed-off-by: Mathieu Desnoyers Change-Id: I61213b736b2e41b55ad8d6b32a6db0f50494e316 --- diff --git a/lttng-filter.c b/lttng-filter.c index 325ae7bb..c33fa5f2 100644 --- a/lttng-filter.c +++ b/lttng-filter.c @@ -241,12 +241,29 @@ int apply_field_reloc(struct lttng_event *event, op->op = FILTER_OP_LOAD_FIELD_REF_S64; break; case atype_array: + { + const struct lttng_basic_type *elem_type = &field->type.u.array.elem_type; + + if (elem_type != atype_integer || elem_type->u.basic.integer.encoding == lttng_encode_none) + return -EINVAL; + if (field->user) + op->op = FILTER_OP_LOAD_FIELD_REF_USER_SEQUENCE; + else + op->op = FILTER_OP_LOAD_FIELD_REF_SEQUENCE; + break; + } case atype_sequence: + { + const struct lttng_basic_type *elem_type = &field->type.u.sequence.elem_type; + + if (elem_type != atype_integer || elem_type->u.basic.integer.encoding == lttng_encode_none) + return -EINVAL; if (field->user) op->op = FILTER_OP_LOAD_FIELD_REF_USER_SEQUENCE; else op->op = FILTER_OP_LOAD_FIELD_REF_SEQUENCE; break; + } case atype_string: if (field->user) op->op = FILTER_OP_LOAD_FIELD_REF_USER_STRING; @@ -311,9 +328,27 @@ int apply_context_reloc(struct lttng_event *event, op->op = FILTER_OP_GET_CONTEXT_REF_S64; break; /* Sequence and array supported as string */ - case atype_string: case atype_array: + { + const struct lttng_basic_type *elem_type = &ctx_field->event_field.type.u.array.elem_type; + + if (elem_type != atype_integer || elem_type->u.basic.integer.encoding == lttng_encode_none) + return -EINVAL; + BUG_ON(ctx_field->event_field.user); + op->op = FILTER_OP_GET_CONTEXT_REF_STRING; + break; + } case atype_sequence: + { + const struct lttng_basic_type *elem_type = &ctx_field->event_field.type.u.sequence.elem_type; + + if (elem_type != atype_integer || elem_type->u.basic.integer.encoding == lttng_encode_none) + return -EINVAL; + BUG_ON(ctx_field->event_field.user); + op->op = FILTER_OP_GET_CONTEXT_REF_STRING; + break; + } + case atype_string: BUG_ON(ctx_field->event_field.user); op->op = FILTER_OP_GET_CONTEXT_REF_STRING; break;