Fix: trigger: erroneous check for success of trigger creation

[lttng-tools.git] / src / common / trigger.c

diff --git a/src/common/trigger.c b/src/common/trigger.c
index 26997fd1f21da68796f6a45e8d25633c8ed6d398..e038fa81a052d71fe3952afaae96c96982a23ae3 100644 (file)
--- a/src/common/trigger.c
+++ b/src/common/trigger.c
@@ -129,7 +129,7 @@ void lttng_trigger_destroy(struct lttng_trigger *trigger)
 LTTNG_HIDDEN
 ssize_t lttng_trigger_create_from_payload(
                struct lttng_payload_view *src_view,
-               struct lttng_trigger **trigger)
+               struct lttng_trigger **_trigger)
 {
        ssize_t ret, offset = 0, condition_size, action_size, name_size = 0;
        struct lttng_condition *condition = NULL;
@@ -140,14 +140,24 @@ ssize_t lttng_trigger_create_from_payload(
                .uid = LTTNG_OPTIONAL_INIT_UNSET,
                .gid = LTTNG_OPTIONAL_INIT_UNSET,
        };
+       struct lttng_trigger *trigger = NULL;
+       const struct lttng_payload_view trigger_comm_view =
+                       lttng_payload_view_from_view(
+                                       src_view, 0, sizeof(*trigger_comm));
+
+       if (!src_view || !_trigger) {
+               ret = -1;
+               goto end;
+       }
 
-       if (!src_view || !trigger) {
+       if (!lttng_payload_view_is_valid(&trigger_comm_view)) {
+               /* Payload not large enough to contain the header. */
                ret = -1;
                goto end;
        }
 
        /* lttng_trigger_comm header */
-       trigger_comm = (typeof(trigger_comm)) src_view->buffer.data;
+       trigger_comm = (typeof(trigger_comm)) trigger_comm_view.buffer.data;
 
        /* Set the trigger's creds. */
        if (trigger_comm->uid > (uint64_t) ((uid_t) -1)) {
@@ -164,7 +174,13 @@ ssize_t lttng_trigger_create_from_payload(
                /* Name. */
                const struct lttng_payload_view name_view =
                                lttng_payload_view_from_view(
-                                               src_view, offset, trigger_comm->name_length);
+                                               src_view, offset,
+                                               trigger_comm->name_length);
+
+               if (!lttng_payload_view_is_valid(&name_view)) {
+                       ret = -1;
+                       goto end;
+               }
 
                name = name_view.buffer.data;
                if (!lttng_buffer_view_contains_string(&name_view.buffer, name,
@@ -214,13 +230,13 @@ ssize_t lttng_trigger_create_from_payload(
                goto error;
        }
 
-       *trigger = lttng_trigger_create(condition, action);
-       if (!*trigger) {
+       trigger = lttng_trigger_create(condition, action);
+       if (!trigger) {
                ret = -1;
                goto error;
        }
 
-       lttng_trigger_set_credentials(*trigger, &creds);
+       lttng_trigger_set_credentials(trigger, &creds);
 
        /*
         * The trigger object owns references to the action and condition
@@ -234,7 +250,7 @@ ssize_t lttng_trigger_create_from_payload(
 
        if (name) {
                const enum lttng_trigger_status status =
-                               lttng_trigger_set_name(*trigger, name);
+                               lttng_trigger_set_name(trigger, name);
 
                if (status != LTTNG_TRIGGER_STATUS_OK) {
                        ret = -1;
@@ -245,9 +261,15 @@ ssize_t lttng_trigger_create_from_payload(
        ret = offset;
 
 error:
-       lttng_condition_destroy(condition);
-       lttng_action_destroy(action);
+       lttng_condition_put(condition);
+       lttng_action_put(action);
 end:
+       if (ret >= 0) {
+               *_trigger = trigger;
+       } else {
+               lttng_trigger_put(trigger);
+       }
+
        return ret;
 }