projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git]
/
src
/
common
/
buffer-usage.c
diff --git
a/src/common/buffer-usage.c
b/src/common/buffer-usage.c
index ad6fb84169e03bd1b99cf72c74eb2e5d9bbd5c46..5f68608001a43d3559d527541c974e8edc0eef73 100644
(file)
--- a/
src/common/buffer-usage.c
+++ b/
src/common/buffer-usage.c
@@
-251,17
+251,20
@@
ssize_t init_condition_from_payload(struct lttng_condition *condition,
ssize_t ret, condition_size;
enum lttng_condition_status status;
enum lttng_domain_type domain_type;
ssize_t ret, condition_size;
enum lttng_condition_status status;
enum lttng_domain_type domain_type;
- const struct lttng_condition_buffer_usage_comm *condition_comm;
const char *session_name, *channel_name;
struct lttng_buffer_view names_view;
const char *session_name, *channel_name;
struct lttng_buffer_view names_view;
+ const struct lttng_condition_buffer_usage_comm *condition_comm;
+ const struct lttng_payload_view condition_comm_view =
+ lttng_payload_view_from_view(
+ src_view, 0, sizeof(*condition_comm));
- if (
src_view->buffer.size < sizeof(*condition_comm
)) {
+ if (
!lttng_payload_view_is_valid(&condition_comm_view
)) {
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
ERR("Failed to initialize from malformed condition buffer: buffer too short to contain header");
ret = -1;
goto end;
}
- condition_comm = (typeof(condition_comm))
src_view->
buffer.data;
+ condition_comm = (typeof(condition_comm))
condition_comm_view.
buffer.data;
names_view = lttng_buffer_view_from_view(&src_view->buffer,
sizeof(*condition_comm), -1);
names_view = lttng_buffer_view_from_view(&src_view->buffer,
sizeof(*condition_comm), -1);
This page took
0.033498 seconds
and
4
git commands to generate.