Fix: event: erroneous bound check on perf counter name size
[lttng-tools.git] / src / common / event.c
index fd44f6da2133da600197bb0e45353abf09a1cec6..531c73b9f1b09a312929d118ff9b4b57a269ed4b 100644 (file)
@@ -1054,7 +1054,8 @@ static ssize_t lttng_event_context_perf_counter_populate_from_buffer(
                const struct lttng_buffer_view *view,
                struct lttng_event_context *event_ctx)
 {
-       ssize_t ret, offset = 0;
+       int ret;
+       ssize_t consumed, offset = 0;
        const struct lttng_event_context_perf_counter_comm *comm;
        size_t name_len;
        const struct lttng_buffer_view comm_view = lttng_buffer_view_from_view(
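Review bot: `consumed` is declared without an initializer, so every path that reaches `end:` has to assign it first. The paths visible in this diff all do, but the function body continues outside the hunks, and an early `goto end` added later would return an indeterminate value to the caller as a byte count. Declaring it as `ssize_t consumed = -1, offset = 0;` makes failure the default and leaves the success assignment before `end:` as the only place a non-negative value is produced.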
@@ -1066,7 +1067,7 @@ static ssize_t lttng_event_context_perf_counter_populate_from_buffer(
                        event_ctx->ctx == LTTNG_EVENT_CONTEXT_PERF_CPU_COUNTER);
 
        if (!lttng_buffer_view_is_valid(&comm_view)) {
-               ret = -1;
+               consumed = -1;
                goto end;
        }
 
@@ -1080,7 +1081,7 @@ static ssize_t lttng_event_context_perf_counter_populate_from_buffer(
                                lttng_buffer_view_from_view(
                                                view, offset, name_len);
                if (!lttng_buffer_view_is_valid(&provider_name_view)) {
-                       ret = -1;
+                       consumed = -1;
                        goto end;
                }
 
@@ -1088,21 +1089,26 @@ static ssize_t lttng_event_context_perf_counter_populate_from_buffer(
 
                if (!lttng_buffer_view_contains_string(
                                    &provider_name_view, name, name_len)) {
-                       ret = -1;
+                       consumed = -1;
                        goto end;
                }
 
-               lttng_strncpy(event_ctx->u.perf_counter.name, name, name_len);
+               ret = lttng_strncpy(event_ctx->u.perf_counter.name, name,
+                               sizeof(event_ctx->u.perf_counter.name));
+               if (ret) {
+                       consumed = -1;
+                       goto end;
+               }
                offset += name_len;
        }
 
        event_ctx->u.perf_counter.config = comm->config;
        event_ctx->u.perf_counter.type = comm->type;
 
-       ret = offset;
+       consumed = offset;
 
 end:
-       return ret;
+       return consumed;
 }
 
 LTTNG_HIDDEN
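Review bot: The `lttng_strncpy()` call is now bounded only by `sizeof(event_ctx->u.perf_counter.name)`, so reading `name` safely depends on the `lttng_buffer_view_contains_string()` check just above it, and nothing in the code records that dependency. If lttng_strncpy scans the source up to the length it is given (its definition is not on this page), removing or reordering that check would let the scan run past the view whenever name_len is smaller than the destination array. A comment on the copy would keep the two together, e.g. `/* name is NUL-terminated within name_len (checked above); bound the copy by the destination. */`. The assignment of name_len is outside the hunk.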
@@ -1520,6 +1526,9 @@ static enum lttng_error_code compute_flattened_size(
        /* The basic struct lttng_event */
        storage_req = event_count * sizeof(struct lttng_event);
 
+       /* The struct lttng_event_extended */
+       storage_req += event_count * sizeof(struct lttng_event_extended);
+
        for (i = 0; i < event_count; i++) {
                int probe_storage_req = 0;
                const struct event_list_element *element =
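Review bot: This sizing change in compute_flattened_size is not covered by the commit title shown on this page, which mentions only the perf counter name bound check. It changes how much storage is reserved for the flattened event list, so it deserves its own line in the commit message, or its own commit, so that a backport of the bound-check fix can be assessed separately. The added comment could also say why the term sits outside the loop, e.g. `/* One struct lttng_event_extended per event, counted once. */`. The function body starts and ends outside the hunk.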
@@ -1540,10 +1549,6 @@ static enum lttng_error_code compute_flattened_size(
                        probe_storage_req = ret;
                }
 
-               /* The struct·lttng_event_extended */
-               storage_req += event_count *
-                       sizeof(struct lttng_event_extended);
-
                if (element->filter_expression) {
                        storage_req += strlen(element->filter_expression) + 1;
                }