[lttng-dev] [PATCH babeltrace] Fix ctf-writer: possible use after free
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Sat Nov 30 21:00:10 EST 2013
Merged, thanks!
Mathieu
----- Original Message -----
> From: "Jérémie Galarneau" <jeremie.galarneau at efficios.com>
> To: lttng-dev at lists.lttng.org
> Sent: Friday, November 29, 2013 7:26:42 PM
> Subject: [lttng-dev] [PATCH babeltrace] Fix ctf-writer: possible use after free
>
> ctf_stream_pos' base_mma member must be copied from stream->pos before
> updating the final packet and content sizes. The original base_mma
> structure will be reallocated if the packet is resized.
>
> Signed-off-by: Jérémie Galarneau <jeremie.galarneau at efficios.com>
> ---
> formats/ctf/writer/stream.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/formats/ctf/writer/stream.c b/formats/ctf/writer/stream.c
> index ac89429..4efb369 100644
> --- a/formats/ctf/writer/stream.c
> +++ b/formats/ctf/writer/stream.c
> @@ -464,7 +464,10 @@ int bt_ctf_stream_flush(struct bt_ctf_stream *stream)
> /*
> * Update the packet total size and content size and overwrite the
> * packet context.
> + * Copy base_mma as the packet may have been remapped (e.g. when a
> + * packet is resized).
> */
> + packet_context_pos.base_mma = stream->pos.base_mma;
> ret = set_structure_field_integer(stream_class->packet_context,
> "content_size", stream->pos.offset);
> if (ret) {
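Review bot: The refresh at `packet_context_pos.base_mma = stream->pos.base_mma;` covers only this one pointer, and the added comment does not say why that is sufficient. If packet_context_pos is a copy of stream->pos taken earlier in bt_ctf_stream_flush, any other member of that copy that depends on the current mapping would be stale after a resize as well. Please confirm that base_mma is the only such member and say so in the comment, or re-derive the saved position from stream->pos in one place. The comment should also name the consequence (the old base_mma is no longer valid once the packet has been remapped), so a later reader does not take the assignment for a redundant copy and drop it.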
> --
> 1.8.4.2
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com