[lttng-dev] [PATCH babeltrace] Fix ctf-writer: possible use after free
Jérémie Galarneau
jeremie.galarneau at efficios.com
Fri Nov 29 13:26:42 EST 2013
ctf_stream_pos' base_mma member must be copied from stream->pos before
updating the final packet and content sizes. The original base_mma
structure will be reallocated if the packet is resized.
Signed-off-by: Jérémie Galarneau <jeremie.galarneau at efficios.com>
---
formats/ctf/writer/stream.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/formats/ctf/writer/stream.c b/formats/ctf/writer/stream.c
index ac89429..4efb369 100644
--- a/formats/ctf/writer/stream.c
+++ b/formats/ctf/writer/stream.c
@@ -464,7 +464,10 @@ int bt_ctf_stream_flush(struct bt_ctf_stream *stream)
/*
* Update the packet total size and content size and overwrite the
* packet context.
+ * Copy base_mma as the packet may have been remapped (e.g. when a
+ * packet is resized).
*/
+ packet_context_pos.base_mma = stream->pos.base_mma;
ret = set_structure_field_integer(stream_class->packet_context,
"content_size", stream->pos.offset);
if (ret) {
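Review bot: the added `packet_context_pos.base_mma = stream->pos.base_mma;` ahead of the `content_size` update refreshes only one member of the saved position. Any other member of `packet_context_pos` that depends on the mapping would still be stale after a resize, and the visible lines do not show whether such members exist. Consider noting at the point where `packet_context_pos` is captured that it must be re-synchronised with `stream->pos` before it is used, or keeping only the packet context offset and deriving the rest from `stream->pos` at flush time, so a later write path cannot pick up the old pointer. The new comment text could also state that the old `base_mma` is freed on reallocation, since "remapped" alone does not convey why the copy is mandatory.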
--
1.8.4.2