[lttng-dev] [PATCH lttng-ust] Fix: Check for invalid commands in print_cmd
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Mon Jul 8 11:47:03 EDT 2013
* Jérémie Galarneau (jeremie.galarneau at efficios.com) wrote:
> Corrupted "ustcomm_ust_msg" received by the listener thread could cause an out
> of bounds access to the cmd_name_mapping array in the traced application.
>
> While this doesn't fix the root cause of the problem, this check should be put
> in place anyway since corrupted messages are not checked for and may bring down
> the tracee.
FYI, this had been fixed by another patch:
commit fd67a0045e800401532c095588a1fe5d452a4777
Author: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Date: Mon Jun 17 11:19:22 2013 -0400
Fix: segfault when print invalid command
Fixes #556
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
>
> Fixes #556
>
> Signed-off-by: Jérémie Galarneau <jeremie.galarneau at efficios.com>
> ---
> liblttng-ust/lttng-ust-comm.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c
> index ae2e518..1be693f 100644
> --- a/liblttng-ust/lttng-ust-comm.c
> +++ b/liblttng-ust/lttng-ust-comm.c
> @@ -208,8 +208,9 @@ static
> void print_cmd(int cmd, int handle)
> {
> const char *cmd_name = "Unknown";
> + int cmd_name_mapping_len = sizeof(cmd_name_mapping) / sizeof(char *);
>
> - if (cmd_name_mapping[cmd]) {
> + if (cmd < cmd_name_mapping_len && cmd_name_mapping[cmd]) {
> cmd_name = cmd_name_mapping[cmd];
> }
> DBG("Message Received \"%s\", Handle \"%s\" (%d)", cmd_name,
> --
> 1.8.2.3
>
>
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
More information about the lttng-dev
mailing list