projects / lttng-tools.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix: lttng: out-of-bound copy of arguments in 'view' command handler
[lttng-tools.git] / src / bin / lttng / commands / view.c
diff --git a/src/bin/lttng/commands/view.c b/src/bin/lttng/commands/view.c
index 1e6852e79caf4ee975547752f92104d9f69f746c..65259dba86c2afb7b54f606fb00fb2d3e30df27c 100644 (file)
--- a/src/bin/lttng/commands/view.c
+++ b/src/bin/lttng/commands/view.c
@@ -182,7 +182,7 @@ static char **alloc_argv_from_local_opts(const char **opts, size_t opts_len,
                goto error;
        }
 
-       memcpy(argv, opts, size);
+       memcpy(argv, opts, sizeof(char *) * opts_len);
 
        if (session_live_mode) {
                argv[opts_len] = "-i";
@@ -296,6 +296,7 @@ static int view_trace(void)
        int ret;
        char *session_name, *trace_path = NULL;
        struct lttng_session *sessions = NULL;
+       bool free_trace_path = false;
 
        /*
         * Safety net. If lttng is suid at some point for *any* useless reasons,
@@ -373,6 +374,7 @@ static int view_trace(void)
                                ret = CMD_ERROR;
                                goto free_sessions;
                        }
+                       free_trace_path = true;
                } else {
                        /* Get file system session path. */
                        trace_path = sessions[i].path;
@@ -390,7 +392,7 @@ static int view_trace(void)
        }
 
 free_sessions:
-       if (session_live_mode) {
+       if (session_live_mode && free_trace_path) {
                free(trace_path);
        }
        free(sessions);
LTTng 2.0 tools and control repository
This page took 0.024029 seconds and 4 git commands to generate.