[ltt-dev] Bug in add_marker (marker.c)

Damien COTTIER damien.cottier at stericsson.com
Wed Jul 21 05:57:21 EDT 2010


Hi all,

While creating my own probes, I've observed that I get format mismatch error... While digging into the executed code I observe that my format (stored in a marker_entry) was overwritten by a new allocated structure. Finally I found that in add_marker function the format pointer seems to be set to the wrong position:
e->format = &e->name[channel_len + name_len];
while the proper assignment should be
e->format = &e->name[name_len];

indead:

size_t channel_len = strlen(channel) + 1;
size_t name_len = strlen(name) + 1;
...
size_t format_len ...= strlen(format) + 1;

and

struct marker_entry {
....
    char channel[0];        /* Contains channel'\0'name'\0'format'\0' *     /

};

...

e = kmalloc(sizeof(struct marker_entry)
      + channel_len + name_len + format_len,
      GFP_KERNEL);
....
e->name = &e->channel[channel_len];

Rgds,
Damien COTTIER.



[cid:457404209 at 21072010-2D25]

Damien COTTIER
Application and Architecture Engineer

ST-Ericsson
Platform and Sytem Architecture
12 rue Jules Horowitz
38019, Grenoble
France
www.stericsson.com<http://www.stericsson.com/>

        Office: +33 (0)4 76 58 65 59
Mobile: -----
Fax: -----
Email: damien.cottier at stericsson.com<mailto:damien.cottier at stericsson.com>


This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, interception, unauthorized amendment, tampering and viruses, and we only send and receive emails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.casi.polymtl.ca/pipermail/lttng-dev/attachments/20100721/6632d491/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sig_logo.png
Type: image/png
Size: 3517 bytes
Desc: sig_logo.png
URL: <http://lists.casi.polymtl.ca/pipermail/lttng-dev/attachments/20100721/6632d491/attachment-0003.png>


More information about the lttng-dev mailing list