[lttng-dev] [PATCH lttng-ust] Fix: Check for invalid commands in print_cmd

Jérémie Galarneau jeremie.galarneau at efficios.com
Mon Jun 3 16:59:20 EDT 2013


Corrupted "ustcomm_ust_msg" received by the listener thread could cause an out
of bounds access to the cmd_name_mapping array in the traced application.

While this doesn't fix the root cause of the problem, this check should be put
in place anyway since corrupted messages are not checked for and may bring down
the tracee.

Fixes #556

Signed-off-by: Jérémie Galarneau <jeremie.galarneau at efficios.com>
---
 liblttng-ust/lttng-ust-comm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c
index ae2e518..1be693f 100644
--- a/liblttng-ust/lttng-ust-comm.c
+++ b/liblttng-ust/lttng-ust-comm.c
@@ -208,8 +208,9 @@ static
 void print_cmd(int cmd, int handle)
 {
 	const char *cmd_name = "Unknown";
+	int cmd_name_mapping_len = sizeof(cmd_name_mapping) / sizeof(char *);
 
-	if (cmd_name_mapping[cmd]) {
+	if (cmd < cmd_name_mapping_len && cmd_name_mapping[cmd]) {
 		cmd_name = cmd_name_mapping[cmd];
 	}
 	DBG("Message Received \"%s\", Handle \"%s\" (%d)", cmd_name,
-- 
1.8.2.3




More information about the lttng-dev mailing list