Fix: out of bound array access in filter code

[lttng-ust.git] / liblttng-ust / lttng-filter.c

diff --git a/liblttng-ust/lttng-filter.c b/liblttng-ust/lttng-filter.c
index 4bb7d4dc87f0793705a11804d7fe91fefab5a427..8114db6092b0b72365361733a394590ca3c46bed 100644 (file)
--- a/liblttng-ust/lttng-filter.c
+++ b/liblttng-ust/lttng-filter.c
@@ -3,23 +3,28 @@
  *
  * LTTng UST filter code.
  *
- * Copyright (C) 2010-2012 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+ * Copyright (C) 2010-2016 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
  *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; only
- * version 2.1 of the License.
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
  *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
  *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
  */
 
+#define _LGPL_SOURCE
 #include <urcu/rculist.h>
 #include "lttng-filter.h"
 
@@ -124,6 +129,20 @@ static const char *opnames[] = {
        [ FILTER_OP_GET_CONTEXT_REF_STRING ] = "GET_CONTEXT_REF_STRING",
        [ FILTER_OP_GET_CONTEXT_REF_S64 ] = "GET_CONTEXT_REF_S64",
        [ FILTER_OP_GET_CONTEXT_REF_DOUBLE ] = "GET_CONTEXT_REF_DOUBLE",
+
+       /* load userspace field ref */
+       [ FILTER_OP_LOAD_FIELD_REF_USER_STRING ] = "LOAD_FIELD_REF_USER_STRING",
+       [ FILTER_OP_LOAD_FIELD_REF_USER_SEQUENCE ] = "LOAD_FIELD_REF_USER_SEQUENCE",
+
+       /*
+        * load immediate star globbing pattern (literal string)
+        * from immediate.
+        */
+       [ FILTER_OP_LOAD_STAR_GLOB_STRING ] = "LOAD_STAR_GLOB_STRING",
+
+       /* globbing pattern binary operator: apply to */
+       [ FILTER_OP_EQ_STAR_GLOB_STRING ] = "EQ_STAR_GLOB_STRING",
+       [ FILTER_OP_NE_STAR_GLOB_STRING ] = "NE_STAR_GLOB_STRING",
 };
 
 const char *print_op(enum filter_op op)
@@ -228,20 +247,34 @@ int apply_context_reloc(struct lttng_event *event,
        struct load_op *op;
        struct lttng_ctx_field *ctx_field;
        int idx;
+       struct lttng_session *session = runtime->p.session;
 
        dbg_printf("Apply context reloc: %u %s\n", reloc_offset, context_name);
 
        /* Get context index */
-       idx = lttng_get_context_index(event->chan->ctx, context_name);
-       if (idx < 0)
-               return -ENOENT;
-
+       idx = lttng_get_context_index(session->ctx, context_name);
+       if (idx < 0) {
+               if (lttng_context_is_app(context_name)) {
+                       int ret;
+
+                       ret = lttng_ust_add_app_context_to_ctx_rcu(context_name,
+                                       &session->ctx);
+                       if (ret)
+                               return ret;
+                       idx = lttng_get_context_index(session->ctx,
+                               context_name);
+                       if (idx < 0)
+                               return -ENOENT;
+               } else {
+                       return -ENOENT;
+               }
+       }
        /* Check if idx is too large for 16-bit offset */
        if (idx > FILTER_BYTECODE_MAX_LEN - 1)
                return -EINVAL;
 
        /* Get context return type */
-       ctx_field = &event->chan->ctx->fields[idx];
+       ctx_field = &session->ctx->fields[idx];
        op = (struct load_op *) &runtime->data[reloc_offset];
        field_ref = (struct field_ref *) op->data;
        switch (ctx_field->event_field.type.atype) {
@@ -258,6 +291,9 @@ int apply_context_reloc(struct lttng_event *event,
        case atype_float:
                op->op = FILTER_OP_GET_CONTEXT_REF_DOUBLE;
                break;
+       case atype_dynamic:
+               op->op = FILTER_OP_GET_CONTEXT_REF;
+               break;
        default:
                return -EINVAL;
        }
@@ -339,6 +375,7 @@ int _lttng_filter_event_link_bytecode(struct lttng_event *event,
                goto alloc_error;
        }
        runtime->p.bc = filter_bytecode;
+       runtime->p.session = event->chan->session;
        runtime->len = filter_bytecode->bc.reloc_offset;
        /* copy original bytecode */
        memcpy(runtime->data, filter_bytecode->bc.data, runtime->len);