From 3415bfe5235453f16b9b286754ec1edd200bd290 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Mon, 22 Mar 2021 12:52:54 -0400
Subject: [PATCH] Fix: bytecode linker: validate event and field array/sequence encoding

The bytecode linker should only allow linking filter expressions loading fields which are string-encoded arrays and sequence for comparison against a string, and reject arrays and sequences without encoding, so the filter interpreter does not attempt to load non-NULL terminated arrays/sequences as if they were strings.

Signed-off-by: Mathieu Desnoyers
Change-Id: I7e0d42dc53738f36af372b4352c44bc1fff916d1
---
 liblttng-ust/lttng-bytecode.c | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/liblttng-ust/lttng-bytecode.c b/liblttng-ust/lttng-bytecode.c
index 3fe50c36..d4161fc3 100644
--- a/liblttng-ust/lttng-bytecode.c
+++ b/liblttng-ust/lttng-bytecode.c
@@ -244,9 +244,23 @@ int apply_field_reloc(const struct lttng_ust_event_desc *event_desc,
 		op->op = BYTECODE_OP_LOAD_FIELD_REF_S64;
 		break;
 	case lttng_ust_type_array:
+	{
+		struct lttng_ust_type_array *array = (struct lttng_ust_type_array *) field->type;
+
+		if (array->encoding == lttng_ust_string_encoding_none)
+			return -EINVAL;
+		op->op = BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE;
+		break;
+	}
 	case lttng_ust_type_sequence:
+	{
+		struct lttng_ust_type_sequence *sequence = (struct lttng_ust_type_sequence *) field->type;
+
+		if (sequence->encoding == lttng_ust_string_encoding_none)
+			return -EINVAL;
 		op->op = BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE;
 		break;
+	}
 	case lttng_ust_type_string:
 		op->op = BYTECODE_OP_LOAD_FIELD_REF_STRING;
 		break;
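Review bot: The encoding guard is pasted four times, twice in this hunk and twice in the apply_context_reloc hunk below, with the array and sequence blocks differing only in the struct type being cast to; any later tightening of what counts as a string-encoded field would have to be repeated in every copy. A small file-scope helper that takes the field's type pointer, switches on its kind the way these cases already do, and returns whether the encoding is something other than `lttng_ust_string_encoding_none` would reduce each case to a single guard such as `if (!type_is_string_encoded(field->type)) return -EINVAL;` (helper name constructed here). Note that the guard inspects only `encoding`: it does not confirm that the array or sequence element is a byte-sized integer, which is presumably what the interpreter assumes when it reads the field as a NUL-terminated string, so an encoded array of wider elements would still pass the linker — worth confirming against the interpreter side, which is outside this patch. apply_field_reloc begins and ends outside the hunk.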
@@ -316,10 +330,26 @@ int apply_context_reloc(struct bytecode_runtime *runtime,
 	case lttng_ust_type_enum:
 		op->op = BYTECODE_OP_GET_CONTEXT_REF_S64;
 		break;
-	/* Sequence and array supported as string */
-	case lttng_ust_type_string:
+	/* Sequence and array supported only as string */
 	case lttng_ust_type_array:
+	{
+		struct lttng_ust_type_array *array = (struct lttng_ust_type_array *) ctx_field->event_field->type;
+
+		if (array->encoding == lttng_ust_string_encoding_none)
+			return -EINVAL;
+		op->op = BYTECODE_OP_GET_CONTEXT_REF_STRING;
+		break;
+	}
 	case lttng_ust_type_sequence:
+	{
+		struct lttng_ust_type_sequence *sequence = (struct lttng_ust_type_sequence *) ctx_field->event_field->type;
+
+		if (sequence->encoding == lttng_ust_string_encoding_none)
+			return -EINVAL;
+		op->op = BYTECODE_OP_GET_CONTEXT_REF_STRING;
+		break;
+	}
+	case lttng_ust_type_string:
 		op->op = BYTECODE_OP_GET_CONTEXT_REF_STRING;
 		break;
 	case lttng_ust_type_float:
-- 
2.34.1
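Review bot: The reworded comment `/* Sequence and array supported only as string */` does not say why the two `return -EINVAL` guards under it reject an unencoded array or sequence; the reasoning given in the commit message (a field without an encoding is not NUL-terminated, so the interpreter must not read it as a string) is the kind of invariant that should sit next to the check rather than only in the patch description. Suggest `/* Sequence and array supported only as string: a field with no encoding is not NUL-terminated and must not be loaded as a string. */`, and the same remark at the matching array and sequence cases in apply_field_reloc, which currently carry no comment at all. apply_context_reloc continues on both sides of the hunk.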