Fix: unchecked buffer size for communication header

[lttng-tools.git] / src / common / actions / group.c

diff --git a/src/common/actions/group.c b/src/common/actions/group.c
index 5931eb38ba4534c64b59d843aa083576b39ec36f..4ac239c9d62c14f43c7b2ddf0623c5e901aeaf5d 100644 (file)
--- a/src/common/actions/group.c
+++ b/src/common/actions/group.c
@@ -7,8 +7,8 @@
 
 #include <assert.h>
 #include <common/dynamic-array.h>
-#include <common/sessiond-comm/payload.h>
-#include <common/sessiond-comm/payload-view.h>
+#include <common/payload.h>
+#include <common/payload-view.h>
 #include <common/error.h>
 #include <common/macros.h>
 #include <lttng/action/action-internal.h>
@@ -16,7 +16,7 @@
 #include <lttng/action/group.h>
 
 #define IS_GROUP_ACTION(action) \
-       (lttng_action_get_type_const(action) == LTTNG_ACTION_TYPE_GROUP)
+       (lttng_action_get_type(action) == LTTNG_ACTION_TYPE_GROUP)
 
 struct lttng_action_group {
        struct lttng_action parent;
@@ -217,6 +217,11 @@ ssize_t lttng_action_group_create_from_payload(
                                lttng_payload_view_from_view(view, consumed_len,
                                                view->buffer.size - consumed_len);
 
+               if (!lttng_payload_view_is_valid(&child_view)) {
+                       consumed_len = -1;
+                       goto end;
+               }
+
                consumed_len_child = lttng_action_create_from_payload(
                                &child_view, &child_action);
                if (consumed_len_child < 0) {
@@ -278,7 +283,7 @@ enum lttng_action_status lttng_action_group_add_action(
        enum lttng_action_status status;
        int ret;
 
-       if (!group || !IS_GROUP_ACTION(action) || !action) {
+       if (!group || !IS_GROUP_ACTION(group) || !action) {
                status = LTTNG_ACTION_STATUS_INVALID;
                goto end;
        }