Fix: Integer overflowed argument
[lttng-tools.git] / src / bin / lttng-sessiond / syscall.c
index b4f2e1eca92f2fb726aa774f8bc94f384bc2f000..7db510936ead56454b8a94a91317cc254f920806 100644 (file)
@@ -72,7 +72,7 @@ int syscall_init_table(void)
        }
 
        while (fscanf(fp,
-                               "syscall { index = %lu; \
+                               "syscall { index = %zu; \
                                name = %" XSTR(SYSCALL_NAME_LEN) "[^;]; \
                                bitness = %u; };\n",
                                &index, name, &bitness) == 3) {
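Review bot: The `%" XSTR(SYSCALL_NAME_LEN) "[^;]` conversion on the `name` line stores up to SYSCALL_NAME_LEN characters plus a terminating NUL, so `name` must be declared with SYSCALL_NAME_LEN + 1 bytes or the scan writes one byte past it; the declaration is above this hunk, so confirm it against the SYSCALL_NAME_LEN definition. `%zu` fixes the type mismatch with `&index`, but fscanf gives no error for a value that does not fit in size_t (that is undefined behaviour in C11), and nothing in the hunk bounds `index` before the loop body uses it as the table subscript, so the only protection is that the listing file is produced by a trusted source. A one-line comment making that trust explicit would help the next reader, e.g. `/* The listing is generated by the kernel tracer; index is only bounded by the table growth below. */`. syscall_init_table begins outside this hunk.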
@@ -82,7 +82,7 @@ int syscall_init_table(void)
 
                        /* Double memory size. */
                        new_nbmem = max(index, nbmem << 1);
-                       if (new_nbmem < nbmem) {
+                       if (new_nbmem > (SIZE_MAX / sizeof(*new_list))) {
                                /* Overflow, stop everything, something went really wrong. */
                                ERR("Syscall listing memory size overflow. Stopping");
                                free(syscall_table);
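Review bot: `new_nbmem = max(index, nbmem << 1)` looks off by one: `index` is used as a subscript (`syscall_table[index]` later in this function), so a table of `new_nbmem` entries needs `new_nbmem > index`, and whenever `index >= nbmem << 1` the new size equals `index` and the store lands one element past the end of the reallocated buffer. The condition entering this branch is above the hunk, so I am inferring it from the "Double memory size" comment; if it is `index >= nbmem`, the fix is `new_nbmem = max(index + 1, nbmem << 1);`. The new `SIZE_MAX / sizeof(*new_list)` check is the right guard for the realloc size; `nbmem << 1` can still wrap before it, but since `index` is at least `nbmem` the `max()` stays large enough to trip the check, so that case is covered.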
@@ -108,8 +108,13 @@ int syscall_init_table(void)
                }
                syscall_table[index].index = index;
                syscall_table[index].bitness = bitness;
-               strncpy(syscall_table[index].name, name,
-                               sizeof(syscall_table[index].name));
+               if (lttng_strncpy(syscall_table[index].name, name,
+                               sizeof(syscall_table[index].name))) {
+                       ret = -EINVAL;
+                       free(syscall_table);
+                       syscall_table = NULL;
+                       goto error;
+               }
                /*
                DBG("Syscall name '%s' at index %" PRIu32 " of bitness %u",
                                syscall_table[index].name,
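Review bot: The new truncation path returns -EINVAL and discards the whole table silently, whereas the overflow path earlier in this function logs with ERR() before freeing; log here too so an operator can see why the syscall table is missing, e.g. `ERR("Syscall name '%s' at index %zu does not fit in the syscall table", name, index);` before `ret = -EINVAL;`. The commented-out DBG below prints the stored index with PRIu32, which suggests `struct syscall`'s `index` field is narrower than the size_t local now written on `syscall_table[index].index = index;`; if so that assignment silently narrows and deserves either a range check or a comment. Whether `goto error` closes `fp` on this new path cannot be seen here, since the label is outside the hunk; confirm the listing file is not leaked.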
@@ -404,11 +409,15 @@ ssize_t syscall_list_channel(struct ltt_kernel_channel *kchan,
                        events = new_events;
                }
 
+               rcu_read_lock();
                ksyscall = lookup_syscall(syscalls_ht, syscall_table[i].name);
                if (ksyscall) {
                        update_event_syscall_bitness(events, i, ksyscall->index);
+                       rcu_read_unlock();
                        continue;
                }
+               ksyscall = NULL;
+               rcu_read_unlock();
 
                ret = add_syscall_to_ht(syscalls_ht, i, count);
                if (ret < 0) {
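Review bot: `ksyscall = NULL;` after the `if (ksyscall)` block is a dead store — control only reaches it when the lookup returned NULL — and it reads as though the pointer were still needed after `rcu_read_unlock()`; drop it, or state the intent with `/* ksyscall is not used past the read-side critical section. */`. The lock placement itself is right: `ksyscall->index` is the only dereference of the looked-up entry and it happens inside the critical section. `add_syscall_to_ht()` then runs outside the lock, which is fine only if it takes the read-side lock itself around the hash table insert; its body is not in the hunk. syscall_list_channel begins before this hunk.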
@@ -428,7 +437,10 @@ ssize_t syscall_list_channel(struct ltt_kernel_channel *kchan,
        return count;
 
 error:
+       rcu_read_lock();
        destroy_syscall_ht(syscalls_ht);
+       rcu_read_unlock();
+
        free(events);
        return ret;
 }
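Review bot: Wrapping `destroy_syscall_ht()` in the RCU read-side lock is correct for walking the table, but if that helper ends by releasing the table with lttng_ht_destroy()/cds_lfht_destroy(), urcu documents that cds_lfht_destroy must not be called from within a read-side critical section, so the caller-side lock added here would turn a clean teardown into a hang or assertion; the helper's body is outside the hunk, so confirm. The safer shape is to take the lock inside destroy_syscall_ht() around the `cds_lfht_for_each_entry` loop only and perform the destroy after the unlock, leaving the `error:` path here as plain `destroy_syscall_ht(syscalls_ht);`. Whether `syscalls_ht` can still be NULL when `error:` is reached from an early failure also depends on code above the hunk.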