Fix: unchecked buffer size for communication header
[lttng-tools.git] / src / common / notification.c
index 2544d042fd8192ee309558df6b41e483dc4db3ca..c347b3ceac891b60ffc2ecb6a98df84653b857f5 100644 (file)
@@ -78,16 +78,25 @@ ssize_t lttng_notification_create_from_payload(
                struct lttng_notification **notification)
 {
        ssize_t ret, notification_size = 0, condition_size, evaluation_size;
-       const struct lttng_notification_comm *notification_comm;
        struct lttng_condition *condition;
        struct lttng_evaluation *evaluation;
+       const struct lttng_notification_comm *notification_comm;
+       const struct lttng_payload_view notification_comm_view =
+                       lttng_payload_view_from_view(
+                                       src_view, 0, sizeof(*notification_comm));
 
        if (!src_view || !notification) {
                ret = -1;
                goto end;
        }
 
-       notification_comm = (typeof(notification_comm)) src_view->buffer.data;
+       if (!lttng_payload_view_is_valid(&notification_comm_view)) {
+               /* Payload not large enough to contain the header. */
+               ret = -1;
+               goto end;
+       }
+
+       notification_comm = (typeof(notification_comm)) notification_comm_view.buffer.data;
        notification_size += sizeof(*notification_comm);
        {
                /* struct lttng_condition */
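Review bot: The header view is built in the declaration initializer, `lttng_payload_view_from_view(src_view, 0, sizeof(*notification_comm))`, so it runs before the `if (!src_view || !notification)` guard, and a NULL `src_view` reaches the helper before it is rejected. Whether the helper tolerates a NULL view is not visible in this hunk; if it does not, the guard no longer protects that case. I would drop the `const`, declare `struct lttng_payload_view notification_comm_view;` without an initializer, and assign `notification_comm_view = lttng_payload_view_from_view(src_view, 0, sizeof(*notification_comm));` right after the NULL guard, so that argument validation and the size check run in that order. The function body continues past the end of the hunk, so how the later condition and evaluation lengths are bounded cannot be judged from here.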