X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=blobdiff_plain;f=src%2Fcommon%2Ftrigger.c;h=e69e72e076267be0b7b6290b9032cc11b941caa1;hp=26997fd1f21da68796f6a45e8d25633c8ed6d398;hb=6808ef55e595f2cb28e8c0dafe5dff3e0faaa742;hpb=a02903c0743cebd1f51227905ee89e571b84acbc

diff --git a/src/common/trigger.c b/src/common/trigger.c
index 26997fd1f..e69e72e07 100644
--- a/src/common/trigger.c
+++ b/src/common/trigger.c
@@ -129,7 +129,7 @@ void lttng_trigger_destroy(struct lttng_trigger *trigger)
 LTTNG_HIDDEN
 ssize_t lttng_trigger_create_from_payload(
 		struct lttng_payload_view *src_view,
-		struct lttng_trigger **trigger)
+		struct lttng_trigger **_trigger)
 {
 	ssize_t ret, offset = 0, condition_size, action_size, name_size = 0;
 	struct lttng_condition *condition = NULL;
@@ -140,14 +140,24 @@ ssize_t lttng_trigger_create_from_payload(
 		.uid = LTTNG_OPTIONAL_INIT_UNSET,
 		.gid = LTTNG_OPTIONAL_INIT_UNSET,
 	};
+	struct lttng_trigger *trigger = NULL;
+	const struct lttng_payload_view trigger_comm_view =
+			lttng_payload_view_from_view(
+					src_view, 0, sizeof(*trigger_comm));
+
+	if (!src_view || !_trigger) {
+		ret = -1;
+		goto end;
+	}
 
-	if (!src_view || !trigger) {
+	if (!lttng_payload_view_is_valid(&trigger_comm_view)) {
+		/* Payload not large enough to contain the header. */
 		ret = -1;
 		goto end;
 	}
 
 	/* lttng_trigger_comm header */
-	trigger_comm = (typeof(trigger_comm)) src_view->buffer.data;
+	trigger_comm = (typeof(trigger_comm)) trigger_comm_view.buffer.data;
 
 	/* Set the trigger's creds. */
 	if (trigger_comm->uid > (uint64_t) ((uid_t) -1)) {
@@ -164,7 +174,13 @@ ssize_t lttng_trigger_create_from_payload(
 		/* Name. */
 		const struct lttng_payload_view name_view =
 				lttng_payload_view_from_view(
-						src_view, offset, trigger_comm->name_length);
+						src_view, offset,
+						trigger_comm->name_length);
+
+		if (!lttng_payload_view_is_valid(&name_view)) {
+			ret = -1;
+			goto end;
+		}
 
 		name = name_view.buffer.data;
 		if (!lttng_buffer_view_contains_string(&name_view.buffer, name,
@@ -214,13 +230,13 @@ ssize_t lttng_trigger_create_from_payload(
 		goto error;
 	}
 
-	*trigger = lttng_trigger_create(condition, action);
-	if (!*trigger) {
+	trigger = lttng_trigger_create(condition, action);
+	if (!trigger) {
 		ret = -1;
 		goto error;
 	}
 
-	lttng_trigger_set_credentials(*trigger, &creds);
+	lttng_trigger_set_credentials(trigger, &creds);
 
 	/*
 	 * The trigger object owns references to the action and condition
@@ -234,7 +250,7 @@ ssize_t lttng_trigger_create_from_payload(
 
 	if (name) {
 		const enum lttng_trigger_status status =
-				lttng_trigger_set_name(*trigger, name);
+				lttng_trigger_set_name(trigger, name);
 
 		if (status != LTTNG_TRIGGER_STATUS_OK) {
 			ret = -1;
@@ -245,9 +261,15 @@ ssize_t lttng_trigger_create_from_payload(
 	ret = offset;
 
 error:
-	lttng_condition_destroy(condition);
-	lttng_action_destroy(action);
+	lttng_condition_put(condition);
+	lttng_action_put(action);
 end:
+	if (ret == 0) {
+		*_trigger = trigger;
+	} else {
+		lttng_trigger_put(trigger);
+	}
+
 	return ret;
 }