Fix: miscellaneous memory handling fixes
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 20 Feb 2014 15:23:46 +0000 (10:23 -0500)
committerDavid Goulet <dgoulet@efficios.com>
Fri, 21 Feb 2014 14:10:24 +0000 (14:10 +0000)
Issues found with Valgrind:

- Uninitialized memory sent through sendmsg,
- Uninitialized realloc memory,
- Erroneous pointer arithmetic in jul_list_events(),
- Memory leaks in kernel_consumer_add_channel(),
  kernel_consumer_add_metadata(),
- Memory leak (snapshot_destroy missing hash table cleanup),
- Uninitialized poll/epoll memory on realloc.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David Goulet <dgoulet@efficios.com>
20 files changed:
src/bin/lttng-consumerd/health-consumerd.c
src/bin/lttng-relayd/health-relayd.c
src/bin/lttng-relayd/live.c
src/bin/lttng-relayd/main.c
src/bin/lttng-sessiond/consumer.c
src/bin/lttng-sessiond/jul.c
src/bin/lttng-sessiond/kernel-consumer.c
src/bin/lttng-sessiond/kernel.c
src/bin/lttng-sessiond/main.c
src/bin/lttng-sessiond/snapshot.c
src/bin/lttng-sessiond/ust-app.c
src/bin/lttng-sessiond/ust-consumer.c
src/common/compat/compat-epoll.c
src/common/compat/compat-poll.c
src/common/consumer-metadata-cache.c
src/common/consumer.c
src/common/relayd/relayd.c
src/common/ust-consumer/ust-consumer.c
src/lib/lttng-ctl/lttng-ctl-health.c
src/lib/lttng-ctl/lttng-ctl.c

index 1b649baa991d71ca55243defd516a483cd69a053..d1478e54de9268c778efe13a85bf7a8c843c1b9f 100644 (file)
@@ -303,7 +303,7 @@ restart:
 
                assert(msg.cmd == HEALTH_CMD_CHECK);
 
-               reply.ret_code = 0;
+               memset(&reply, 0, sizeof(reply));
                for (i = 0; i < NR_HEALTH_CONSUMERD_TYPES; i++) {
                        /*
                         * health_check_state return 0 if thread is in
index 89b6402fabad3e62ff69c5e9e8b62e5c15d0d0b8..8a5cbdfcb550f86a2010586e6eed924d19232861 100644 (file)
@@ -368,7 +368,7 @@ restart:
 
                assert(msg.cmd == HEALTH_CMD_CHECK);
 
-               reply.ret_code = 0;
+               memset(&reply, 0, sizeof(reply));
                for (i = 0; i < NR_HEALTH_RELAYD_TYPES; i++) {
                        /*
                         * health_check_state return 0 if thread is in
index a720ed732f0f6746fc399c9ad203635086acfd0a..c60f7e4c9c4db0f3d00dff773b2c537b0cc4bd43 100644 (file)
@@ -931,6 +931,8 @@ int viewer_get_new_streams(struct relay_connection *conn)
 
        health_code_update();
 
+       memset(&response, 0, sizeof(response));
+
        rcu_read_lock();
        session = session_find_by_id(conn->sessions_ht, session_id);
        if (!session) {
@@ -1032,6 +1034,8 @@ int viewer_attach_session(struct relay_connection *conn)
 
        health_code_update();
 
+       memset(&response, 0, sizeof(response));
+
        if (!conn->viewer_session) {
                DBG("Client trying to attach before creating a live viewer session");
                response.status = htobe32(LTTNG_VIEWER_ATTACH_NO_SESSION);
@@ -1618,6 +1622,8 @@ int viewer_get_metadata(struct relay_connection *conn)
        }
        health_code_update();
 
+       memset(&reply, 0, sizeof(reply));
+
        rcu_read_lock();
        stream = viewer_stream_find_by_id(be64toh(request.stream_id));
        if (!stream || !stream->metadata_flag) {
@@ -1718,6 +1724,7 @@ int viewer_create_session(struct relay_connection *conn)
 
        DBG("Viewer create session received");
 
+       memset(&resp, 0, sizeof(resp));
        resp.status = htobe32(LTTNG_VIEWER_CREATE_SESSION_OK);
        conn->viewer_session = zmalloc(sizeof(*conn->viewer_session));
        if (!conn->viewer_session) {
@@ -1749,6 +1756,7 @@ void live_relay_unknown_command(struct relay_connection *conn)
 {
        struct lttcomm_relayd_generic_reply reply;
 
+       memset(&reply, 0, sizeof(reply));
        reply.ret_code = htobe32(LTTNG_ERR_UNK);
        (void) send_response(conn->sock, &reply, sizeof(reply));
 }
index f6b23eb928a9137ae5eb939dc8c9efa4a892c81b..60b6bf2214e8bee4d0266000a1db592982384940 100644 (file)
@@ -1261,6 +1261,7 @@ int relay_add_stream(struct lttcomm_relayd_hdr *recv_hdr,
                        stream->stream_handle);
 
 end:
+       memset(&reply, 0, sizeof(reply));
        reply.handle = htobe64(stream->stream_handle);
        /* send the session id to the client or a negative return code on error */
        if (ret < 0) {
@@ -1342,6 +1343,7 @@ int relay_close_stream(struct lttcomm_relayd_hdr *recv_hdr,
 end_unlock:
        rcu_read_unlock();
 
+       memset(&reply, 0, sizeof(reply));
        if (ret < 0) {
                reply.ret_code = htobe32(LTTNG_ERR_UNK);
        } else {
@@ -1367,6 +1369,7 @@ void relay_unknown_command(struct relay_connection *conn)
        struct lttcomm_relayd_generic_reply reply;
        int ret;
 
+       memset(&reply, 0, sizeof(reply));
        reply.ret_code = htobe32(LTTNG_ERR_UNK);
        ret = conn->sock->ops->sendmsg(conn->sock, &reply,
                        sizeof(struct lttcomm_relayd_generic_reply), 0);
@@ -1392,6 +1395,7 @@ int relay_start(struct lttcomm_relayd_hdr *recv_hdr,
                ret = htobe32(LTTNG_ERR_UNK);
        }
 
+       memset(&reply, 0, sizeof(reply));
        reply.ret_code = ret;
        ret = conn->sock->ops->sendmsg(conn->sock, &reply,
                        sizeof(struct lttcomm_relayd_generic_reply), 0);
@@ -1553,6 +1557,7 @@ int relay_send_version(struct lttcomm_relayd_hdr *recv_hdr,
                goto end;
        }
 
+       memset(&reply, 0, sizeof(reply));
        reply.major = RELAYD_VERSION_COMM_MAJOR;
        reply.minor = RELAYD_VERSION_COMM_MINOR;
 
@@ -1652,6 +1657,7 @@ int relay_data_pending(struct lttcomm_relayd_hdr *recv_hdr,
 end_unlock:
        rcu_read_unlock();
 
+       memset(&reply, 0, sizeof(reply));
        reply.ret_code = htobe32(ret);
        ret = conn->sock->ops->sendmsg(conn->sock, &reply, sizeof(reply), 0);
        if (ret < 0) {
@@ -1715,6 +1721,7 @@ int relay_quiescent_control(struct lttcomm_relayd_hdr *recv_hdr,
        }
        rcu_read_unlock();
 
+       memset(&reply, 0, sizeof(reply));
        reply.ret_code = htobe32(LTTNG_OK);
        ret = conn->sock->ops->sendmsg(conn->sock, &reply, sizeof(reply), 0);
        if (ret < 0) {
@@ -1785,6 +1792,7 @@ int relay_begin_data_pending(struct lttcomm_relayd_hdr *recv_hdr,
        }
        rcu_read_unlock();
 
+       memset(&reply, 0, sizeof(reply));
        /* All good, send back reply. */
        reply.ret_code = htobe32(LTTNG_OK);
 
@@ -1858,6 +1866,7 @@ int relay_end_data_pending(struct lttcomm_relayd_hdr *recv_hdr,
        }
        rcu_read_unlock();
 
+       memset(&reply, 0, sizeof(reply));
        /* All good, send back reply. */
        reply.ret_code = htobe32(is_data_inflight);
 
@@ -1976,6 +1985,7 @@ int relay_recv_index(struct lttcomm_relayd_hdr *recv_hdr,
 end_rcu_unlock:
        rcu_read_unlock();
 
+       memset(&reply, 0, sizeof(reply));
        if (ret < 0) {
                reply.ret_code = htobe32(LTTNG_ERR_UNK);
        } else {
@@ -2026,6 +2036,7 @@ int relay_streams_sent(struct lttcomm_relayd_hdr *recv_hdr,
                uatomic_set(&conn->session->new_streams, 1);
        }
 
+       memset(&reply, 0, sizeof(reply));
        reply.ret_code = htobe32(LTTNG_OK);
        send_ret = conn->sock->ops->sendmsg(conn->sock, &reply, sizeof(reply), 0);
        if (send_ret < 0) {
index 8806e9c322bef43b818975bee8f44bc520e3aa53..ce3e5da9adda44d3481c4bb07785a30f76ac14f5 100644 (file)
@@ -207,6 +207,7 @@ int consumer_send_destroy_relayd(struct consumer_socket *sock,
 
        DBG2("Sending destroy relayd command to consumer sock %d", *sock->fd_ptr);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_DESTROY_RELAYD;
        msg.u.destroy_relayd.net_seq_idx = consumer->net_seq_index;
 
@@ -965,6 +966,7 @@ int consumer_send_relayd_socket(struct consumer_socket *consumer_sock,
        assert(consumer);
        assert(consumer_sock);
 
+       memset(&msg, 0, sizeof(msg));
        /* Bail out if consumer is disabled */
        if (!consumer->enabled) {
                ret = LTTNG_OK;
@@ -1078,12 +1080,12 @@ int consumer_is_data_pending(uint64_t session_id,
 
        assert(consumer);
 
-       msg.cmd_type = LTTNG_CONSUMER_DATA_PENDING;
+       DBG3("Consumer data pending for id %" PRIu64, session_id);
 
+       memset(&msg, 0, sizeof(msg));
+       msg.cmd_type = LTTNG_CONSUMER_DATA_PENDING;
        msg.u.data_pending.session_id = session_id;
 
-       DBG3("Consumer data pending for id %" PRIu64, session_id);
-
        /* Send command for each consumer */
        rcu_read_lock();
        cds_lfht_for_each_entry(consumer->socks->ht, &iter.iter, socket,
@@ -1136,6 +1138,7 @@ int consumer_flush_channel(struct consumer_socket *socket, uint64_t key)
 
        DBG2("Consumer flush channel key %" PRIu64, key);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_FLUSH_CHANNEL;
        msg.u.flush_channel.key = key;
 
@@ -1168,6 +1171,7 @@ int consumer_close_metadata(struct consumer_socket *socket,
 
        DBG2("Consumer close metadata channel key %" PRIu64, metadata_key);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_CLOSE_METADATA;
        msg.u.close_metadata.key = metadata_key;
 
@@ -1200,6 +1204,7 @@ int consumer_setup_metadata(struct consumer_socket *socket,
 
        DBG2("Consumer setup metadata channel key %" PRIu64, metadata_key);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_SETUP_METADATA;
        msg.u.setup_metadata.key = metadata_key;
 
@@ -1233,6 +1238,7 @@ int consumer_push_metadata(struct consumer_socket *socket,
 
        DBG2("Consumer push metadata to consumer socket %d", *socket->fd_ptr);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_PUSH_METADATA;
        msg.u.push_metadata.key = metadata_key;
        msg.u.push_metadata.target_offset = target_offset;
index 7b603cf25137031effccd15a7a53f19efa39c713..3c251998ef560d13d965337515746d9ada832cf1 100644 (file)
@@ -67,6 +67,7 @@ static int send_header(struct lttcomm_sock *sock, uint64_t data_size,
 
        assert(sock);
 
+       memset(&msg, 0, sizeof(msg));
        msg.data_size = htobe64(data_size);
        msg.cmd = htobe32(cmd);
        msg.cmd_version = htobe32(cmd_version);
@@ -248,6 +249,7 @@ static int enable_event(struct jul_app *app, struct jul_event *event)
                goto error_io;
        }
 
+       memset(&msg, 0, sizeof(msg));
        msg.loglevel = event->loglevel;
        msg.loglevel_type = event->loglevel_type;
        strncpy(msg.name, event->name, sizeof(msg.name));
@@ -309,6 +311,7 @@ static int disable_event(struct jul_app *app, struct jul_event *event)
                goto error_io;
        }
 
+       memset(&msg, 0, sizeof(msg));
        strncpy(msg.name, event->name, sizeof(msg.name));
        ret = send_payload(app->sock, &msg, sizeof(msg));
        if (ret < 0) {
@@ -443,24 +446,30 @@ int jul_list_events(struct lttng_event **events)
                        goto error_unlock;
                }
 
-               if (count >= nbmem) {
+               if (count + nb_ev > nbmem) {
                        /* In case the realloc fails, we free the memory */
-                       void *ptr;
-
-                       DBG2("Reallocating JUL event list from %zu to %zu entries", nbmem,
-                                       2 * nbmem);
-                       nbmem *= 2;
-                       ptr = realloc(tmp_events, nbmem * sizeof(*tmp_events));
-                       if (!ptr) {
+                       struct lttng_event *new_tmp_events;
+                       size_t new_nbmem;
+
+                       new_nbmem = max_t(size_t, count + nb_ev, nbmem << 1);
+                       DBG2("Reallocating JUL event list from %zu to %zu entries",
+                                       nbmem, new_nbmem);
+                       new_tmp_events = realloc(tmp_events,
+                               new_nbmem * sizeof(*new_tmp_events));
+                       if (!new_tmp_events) {
                                PERROR("realloc JUL events");
                                ret = -ENOMEM;
                                free(jul_events);
                                goto error_unlock;
                        }
-                       tmp_events = ptr;
+                       /* Zero the new memory */
+                       memset(new_tmp_events + nbmem, 0,
+                               (new_nbmem - nbmem) * sizeof(*new_tmp_events));
+                       nbmem = new_nbmem;
+                       tmp_events = new_tmp_events;
                }
-               memcpy(tmp_events + (count * sizeof(*tmp_events)), jul_events,
-                               nb_ev * sizeof(*tmp_events));
+               memcpy(tmp_events + count, jul_events,
+                       nb_ev * sizeof(*tmp_events));
                free(jul_events);
                count += nb_ev;
        }
index 4153612746f90c84780b208b94ce2ce731126217..38820af3811e1893ba8a5f6c6109c31599fb7838 100644 (file)
@@ -105,7 +105,7 @@ int kernel_consumer_add_channel(struct consumer_socket *sock,
                }
        } else {
                /* Empty path. */
-               pathname = "";
+               pathname = strdup("");
        }
 
        /* Prep channel message structure */
@@ -136,6 +136,7 @@ int kernel_consumer_add_channel(struct consumer_socket *sock,
        health_code_update();
 
 error:
+       free(pathname);
        return ret;
 }
 
@@ -168,7 +169,7 @@ int kernel_consumer_add_metadata(struct consumer_socket *sock,
                }
        } else {
                /* Empty path. */
-               pathname = "";
+               pathname = strdup("");
        }
 
        /* Prep channel message structure */
@@ -215,6 +216,7 @@ int kernel_consumer_add_metadata(struct consumer_socket *sock,
        health_code_update();
 
 error:
+       free(pathname);
        return ret;
 }
 
@@ -419,6 +421,7 @@ int kernel_consumer_destroy_channel(struct consumer_socket *socket,
 
        DBG("Sending kernel consumer destroy channel key %d", channel->fd);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_DESTROY_CHANNEL;
        msg.u.destroy_channel.key = channel->fd;
 
@@ -447,6 +450,7 @@ int kernel_consumer_destroy_metadata(struct consumer_socket *socket,
 
        DBG("Sending kernel consumer destroy channel key %d", metadata->fd);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_DESTROY_CHANNEL;
        msg.u.destroy_channel.key = metadata->fd;
 
index 9e7826808f7181b9546de2d69956e1820e6515c4..b6b24a5a2b2b426fc78845bb8ca4bf7b1f16770a 100644 (file)
@@ -602,7 +602,7 @@ error:
  */
 ssize_t kernel_list_events(int tracer_fd, struct lttng_event **events)
 {
-       int fd, pos, ret;
+       int fd, ret;
        char *event;
        size_t nbmem, count = 0;
        FILE *fp;
@@ -634,15 +634,15 @@ ssize_t kernel_list_events(int tracer_fd, struct lttng_event **events)
                goto end;
        }
 
-       while (fscanf(fp, "event { name = %m[^;]; };%n\n", &event, &pos) == 1) {
+       while (fscanf(fp, "event { name = %m[^;]; };\n", &event) == 1) {
                if (count >= nbmem) {
                        struct lttng_event *new_elist;
+                       size_t new_nbmem;
 
-                       DBG("Reallocating event list from %zu to %zu bytes", nbmem,
-                                       nbmem * 2);
-                       /* Double the size */
-                       nbmem <<= 1;
-                       new_elist = realloc(elist, nbmem * sizeof(struct lttng_event));
+                       new_nbmem = nbmem << 1;
+                       DBG("Reallocating event list from %zu to %zu bytes",
+                                       nbmem, new_nbmem);
+                       new_elist = realloc(elist, new_nbmem * sizeof(struct lttng_event));
                        if (new_elist == NULL) {
                                PERROR("realloc list events");
                                free(event);
@@ -650,6 +650,10 @@ ssize_t kernel_list_events(int tracer_fd, struct lttng_event **events)
                                count = -ENOMEM;
                                goto end;
                        }
+                       /* Zero the new memory */
+                       memset(new_elist + nbmem, 0,
+                               (new_nbmem - nbmem) * sizeof(struct lttng_event));
+                       nbmem = new_nbmem;
                        elist = new_elist;
                }
                strncpy(elist[count].name, event, LTTNG_SYMBOL_NAME_LEN);
index c3f564dce4709b3493c154cbd0a5faf1df3d62b4..f0aaf73b064f4845974876503de4e7bf7f89f2be 100644 (file)
@@ -3734,7 +3734,7 @@ restart:
 
                rcu_thread_online();
 
-               reply.ret_code = 0;
+               memset(&reply, 0, sizeof(reply));
                for (i = 0; i < NR_HEALTH_SESSIOND_TYPES; i++) {
                        /*
                         * health_check_state returns 0 if health is
index 6b1aa8db1085c5edf2c01e404e3ce9387561c17d..8faf9a76a28f99f497c1b4542ed0acdfd5d5603f 100644 (file)
@@ -24,6 +24,7 @@
 #include <common/defaults.h>
 
 #include "snapshot.h"
+#include "utils.h"
 
 /*
  * Return the atomically incremented value of next_output_id.
@@ -321,4 +322,5 @@ void snapshot_destroy(struct snapshot *obj)
                snapshot_output_destroy(output);
        }
        rcu_read_unlock();
+       ht_cleanup_push(obj->output_ht);
 }
index 34d4c9b1558de816bd1935ba02eef50b1c90e511..c32bf2b6847e147bcfcfe31041c7cfb300ef2edf 100644 (file)
@@ -3144,19 +3144,25 @@ int ust_app_list_events(struct lttng_event **events)
                        health_code_update();
                        if (count >= nbmem) {
                                /* In case the realloc fails, we free the memory */
-                               void *ptr;
-
-                               DBG2("Reallocating event list from %zu to %zu entries", nbmem,
-                                               2 * nbmem);
-                               nbmem *= 2;
-                               ptr = realloc(tmp_event, nbmem * sizeof(struct lttng_event));
-                               if (ptr == NULL) {
+                               struct lttng_event *new_tmp_event;
+                               size_t new_nbmem;
+
+                               new_nbmem = nbmem << 1;
+                               DBG2("Reallocating event list from %zu to %zu entries",
+                                               nbmem, new_nbmem);
+                               new_tmp_event = realloc(tmp_event,
+                                       new_nbmem * sizeof(struct lttng_event));
+                               if (new_tmp_event == NULL) {
                                        PERROR("realloc ust app events");
                                        free(tmp_event);
                                        ret = -ENOMEM;
                                        goto rcu_error;
                                }
-                               tmp_event = ptr;
+                               /* Zero the new memory */
+                               memset(new_tmp_event + nbmem, 0,
+                                       (new_nbmem - nbmem) * sizeof(struct lttng_event));
+                               nbmem = new_nbmem;
+                               tmp_event = new_tmp_event;
                        }
                        memcpy(tmp_event[count].name, uiter.name, LTTNG_UST_SYM_NAME_LEN);
                        tmp_event[count].loglevel = uiter.loglevel;
@@ -3244,19 +3250,25 @@ int ust_app_list_event_fields(struct lttng_event_field **fields)
                        health_code_update();
                        if (count >= nbmem) {
                                /* In case the realloc fails, we free the memory */
-                               void *ptr;
-
-                               DBG2("Reallocating event field list from %zu to %zu entries", nbmem,
-                                               2 * nbmem);
-                               nbmem *= 2;
-                               ptr = realloc(tmp_event, nbmem * sizeof(struct lttng_event_field));
-                               if (ptr == NULL) {
+                               struct lttng_event_field *new_tmp_event;
+                               size_t new_nbmem;
+
+                               new_nbmem = nbmem << 1;
+                               DBG2("Reallocating event field list from %zu to %zu entries",
+                                               nbmem, new_nbmem);
+                               new_tmp_event = realloc(tmp_event,
+                                       new_nbmem * sizeof(struct lttng_event_field));
+                               if (new_tmp_event == NULL) {
                                        PERROR("realloc ust app event fields");
                                        free(tmp_event);
                                        ret = -ENOMEM;
                                        goto rcu_error;
                                }
-                               tmp_event = ptr;
+                               /* Zero the new memory */
+                               memset(new_tmp_event + nbmem, 0,
+                                       (new_nbmem - nbmem) * sizeof(struct lttng_event_field));
+                               nbmem = new_nbmem;
+                               tmp_event = new_tmp_event;
                        }
 
                        memcpy(tmp_event[count].field_name, uiter.field_name, LTTNG_UST_SYM_NAME_LEN);
index b0a52b33ad49ca196d62326330e70750b7028190..9715c426f468f5b24cf76bf64726b0cf218d5af3 100644 (file)
@@ -250,6 +250,7 @@ int ust_consumer_get_channel(struct consumer_socket *socket,
        assert(ua_chan);
        assert(socket);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_GET_CHANNEL;
        msg.u.get_channel.key = ua_chan->key;
 
@@ -344,6 +345,7 @@ int ust_consumer_destroy_channel(struct consumer_socket *socket,
        assert(ua_chan);
        assert(socket);
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd_type = LTTNG_CONSUMER_DESTROY_CHANNEL;
        msg.u.destroy_channel.key = ua_chan->key;
 
@@ -469,6 +471,7 @@ int ust_consumer_metadata_request(struct consumer_socket *socket)
                        DBG("PID registry not found for session id %" PRIu64,
                                        request.session_id_per_pid);
 
+                       memset(&msg, 0, sizeof(msg));
                        msg.cmd_type = LTTNG_ERR_UND;
                        (void) consumer_send_msg(socket, &msg);
                        /*
index 25c9955045b3bb09435beea959d891c67f1c77a4..ecd09a0924a43f3aef6dbcd0fdb2055a45d44bb9 100644 (file)
@@ -51,6 +51,11 @@ static int resize_poll_event(struct lttng_poll_event *events,
                PERROR("realloc epoll add");
                goto error;
        }
+       if (new_size > events->alloc_size) {
+               /* Zero newly allocated memory */
+               memset(ptr + events->alloc_size, 0,
+                       (new_size - events->alloc_size) * sizeof(*ptr));
+       }
        events->events = ptr;
        events->alloc_size = new_size;
 
@@ -119,6 +124,11 @@ int compat_epoll_add(struct lttng_poll_event *events, int fd, uint32_t req_event
                goto error;
        }
 
+       /*
+        * Zero struct epoll_event to ensure all representations of its
+        * union are zeroed.
+        */
+       memset(&ev, 0, sizeof(ev));
        ev.events = req_events;
        ev.data.fd = fd;
 
index 79fcb7d652b87230815c4d7b6d7146cf8546a9c2..4893768a098543815207c90283eb9591d97a3a4a 100644 (file)
@@ -52,6 +52,11 @@ static int resize_poll_event(struct compat_poll_event_array *array,
                PERROR("realloc epoll add");
                goto error;
        }
+       if (new_size > array->alloc_size) {
+               /* Zero newly allocated memory */
+               memset(ptr + array->alloc_size, 0,
+                       (new_size - array->alloc_size) * sizeof(*ptr));
+       }
        array->events = ptr;
        array->alloc_size = new_size;
 
index d8f5001f8b5efed8d12239a4856d46bde3939709..0f086fe9643218ba91837446b031154c91453e58 100644 (file)
@@ -46,14 +46,13 @@ static int extend_metadata_cache(struct lttng_consumer_channel *channel,
 {
        int ret = 0;
        char *tmp_data_ptr;
-       unsigned int new_size;
+       unsigned int new_size, old_size;
 
        assert(channel);
        assert(channel->metadata_cache);
 
-       new_size = max_t(unsigned int,
-                       channel->metadata_cache->cache_alloc_size + size,
-                       channel->metadata_cache->cache_alloc_size << 1);
+       old_size = channel->metadata_cache->cache_alloc_size;
+       new_size = max_t(unsigned int, old_size + size, old_size << 1);
        DBG("Extending metadata cache to %u", new_size);
        tmp_data_ptr = realloc(channel->metadata_cache->data, new_size);
        if (!tmp_data_ptr) {
@@ -62,6 +61,8 @@ static int extend_metadata_cache(struct lttng_consumer_channel *channel,
                ret = -1;
                goto end;
        }
+       /* Zero newly allocated memory */
+       memset(tmp_data_ptr + old_size, 0, new_size - old_size);
        channel->metadata_cache->data = tmp_data_ptr;
        channel->metadata_cache->cache_alloc_size = new_size;
 
index 821a04e3d73d80025e76ad99f1cb0558725c7188..c842de9358965c79e31f489b789906f3d1deddec 100644 (file)
@@ -3613,6 +3613,7 @@ int consumer_send_status_msg(int sock, int ret_code)
 {
        struct lttcomm_consumer_status_msg msg;
 
+       memset(&msg, 0, sizeof(msg));
        msg.ret_code = ret_code;
 
        return lttcomm_send_unix_sock(sock, &msg, sizeof(msg));
@@ -3630,6 +3631,7 @@ int consumer_send_status_channel(int sock,
 
        assert(sock >= 0);
 
+       memset(&msg, 0, sizeof(msg));
        if (!channel) {
                msg.ret_code = LTTCOMM_CONSUMERD_CHANNEL_FAIL;
        } else {
index ccb23c065ca7aaeb8037fc30a42016fd7c9c9f3b..3de19c28064d352ef9e1d507f14bac3cd318a823 100644 (file)
@@ -57,6 +57,7 @@ static int send_command(struct lttcomm_relayd_sock *rsock,
                goto alloc_error;
        }
 
+       memset(&header, 0, sizeof(header));
        header.cmd = htobe32(cmd);
        header.data_size = htobe64(size);
 
@@ -244,6 +245,7 @@ int relayd_add_stream(struct lttcomm_relayd_sock *rsock, const char *channel_nam
 
        /* Compat with relayd 2.1 */
        if (rsock->minor == 1) {
+               memset(&msg, 0, sizeof(msg));
                strncpy(msg.channel_name, channel_name, sizeof(msg.channel_name));
                strncpy(msg.pathname, pathname, sizeof(msg.pathname));
 
@@ -253,6 +255,7 @@ int relayd_add_stream(struct lttcomm_relayd_sock *rsock, const char *channel_nam
                        goto error;
                }
        } else {
+               memset(&msg_2_2, 0, sizeof(msg_2_2));
                /* Compat with relayd 2.2+ */
                strncpy(msg_2_2.channel_name, channel_name, sizeof(msg_2_2.channel_name));
                strncpy(msg_2_2.pathname, pathname, sizeof(msg_2_2.pathname));
@@ -364,6 +367,7 @@ int relayd_version_check(struct lttcomm_relayd_sock *rsock)
        DBG("Relayd version check for major.minor %u.%u", rsock->major,
                        rsock->minor);
 
+       memset(&msg, 0, sizeof(msg));
        /* Prepare network byte order before transmission. */
        msg.major = htobe32(rsock->major);
        msg.minor = htobe32(rsock->minor);
@@ -565,6 +569,7 @@ int relayd_send_close_stream(struct lttcomm_relayd_sock *rsock, uint64_t stream_
 
        DBG("Relayd closing stream id %" PRIu64, stream_id);
 
+       memset(&msg, 0, sizeof(msg));
        msg.stream_id = htobe64(stream_id);
        msg.last_net_seq_num = htobe64(last_net_seq_num);
 
@@ -614,6 +619,7 @@ int relayd_data_pending(struct lttcomm_relayd_sock *rsock, uint64_t stream_id,
 
        DBG("Relayd data pending for stream id %" PRIu64, stream_id);
 
+       memset(&msg, 0, sizeof(msg));
        msg.stream_id = htobe64(stream_id);
        msg.last_net_seq_num = htobe64(last_net_seq_num);
 
@@ -662,6 +668,7 @@ int relayd_quiescent_control(struct lttcomm_relayd_sock *rsock,
 
        DBG("Relayd checking quiescent control state");
 
+       memset(&msg, 0, sizeof(msg));
        msg.stream_id = htobe64(metadata_stream_id);
 
        /* Send command */
@@ -706,6 +713,7 @@ int relayd_begin_data_pending(struct lttcomm_relayd_sock *rsock, uint64_t id)
 
        DBG("Relayd begin data pending");
 
+       memset(&msg, 0, sizeof(msg));
        msg.session_id = htobe64(id);
 
        /* Send command */
@@ -753,6 +761,7 @@ int relayd_end_data_pending(struct lttcomm_relayd_sock *rsock, uint64_t id,
 
        DBG("Relayd end data pending");
 
+       memset(&msg, 0, sizeof(msg));
        msg.session_id = htobe64(id);
 
        /* Send command */
@@ -805,6 +814,7 @@ int relayd_send_index(struct lttcomm_relayd_sock *rsock,
 
        DBG("Relayd sending index for stream ID %" PRIu64, relay_stream_id);
 
+       memset(&msg, 0, sizeof(msg));
        msg.relay_stream_id = htobe64(relay_stream_id);
        msg.net_seq_num = htobe64(net_seq_num);
 
index b48a3c821d386fbf3cbfaceb8b01d9bbcc4f724d..07073260f3262bb3cbd2207a846e3404fcf0713c 100644 (file)
@@ -2212,6 +2212,8 @@ int lttng_ustconsumer_request_metadata(struct lttng_consumer_local_data *ctx,
        assert(channel);
        assert(channel->metadata_cache);
 
+       memset(&request, 0, sizeof(request));
+
        /* send the metadata request to sessiond */
        switch (consumer_data.type) {
        case LTTNG_CONSUMER64_UST:
index c78e0dcd9352d1884b9406cd035aa8f35b51180a..ba9aac05a42bfb5493efb1dbf67d597c799d55b6 100644 (file)
@@ -272,6 +272,7 @@ retry:
                goto error;
        }
 
+       memset(&msg, 0, sizeof(msg));
        msg.cmd = HEALTH_CMD_CHECK;
 
        ret = lttcomm_send_unix_sock(sock, (void *)&msg, sizeof(msg));
index 7d06c7a0cb41b8f3396e4460c92c25afbc501d8b..94f075b460f2b9ed541e0610691cb18bfb1a67d0 100644 (file)
@@ -520,6 +520,7 @@ int lttng_register_consumer(struct lttng_handle *handle,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_REGISTER_CONSUMER;
        lttng_ctl_copy_string(lsm.session.name, handle->session_name,
                        sizeof(lsm.session.name));
@@ -542,6 +543,7 @@ int lttng_start_tracing(const char *session_name)
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_START_TRACE;
 
        lttng_ctl_copy_string(lsm.session.name, session_name,
@@ -562,6 +564,7 @@ static int _lttng_stop_tracing(const char *session_name, int wait)
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_STOP_TRACE;
 
        lttng_ctl_copy_string(lsm.session.name, session_name,
@@ -1004,6 +1007,7 @@ int lttng_list_tracepoints(struct lttng_handle *handle,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_LIST_TRACEPOINTS;
        lttng_ctl_copy_lttng_domain(&lsm.domain, &handle->domain);
 
@@ -1031,6 +1035,7 @@ int lttng_list_tracepoint_fields(struct lttng_handle *handle,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_LIST_TRACEPOINT_FIELDS;
        lttng_ctl_copy_lttng_domain(&lsm.domain, &handle->domain);
 
@@ -1099,6 +1104,7 @@ int lttng_destroy_session(const char *session_name)
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_DESTROY_SESSION;
 
        lttng_ctl_copy_string(lsm.session.name, session_name,
@@ -1118,6 +1124,7 @@ int lttng_list_sessions(struct lttng_session **sessions)
        int ret;
        struct lttcomm_session_msg lsm;
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_LIST_SESSIONS;
        ret = lttng_ctl_ask_sessiond(&lsm, (void**) sessions);
        if (ret < 0) {
@@ -1143,6 +1150,7 @@ int lttng_list_domains(const char *session_name,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_LIST_DOMAINS;
 
        lttng_ctl_copy_string(lsm.session.name, session_name,
@@ -1172,6 +1180,7 @@ int lttng_list_channels(struct lttng_handle *handle,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_LIST_CHANNELS;
        lttng_ctl_copy_string(lsm.session.name, handle->session_name,
                        sizeof(lsm.session.name));
@@ -1203,6 +1212,7 @@ int lttng_list_events(struct lttng_handle *handle,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_LIST_EVENTS;
        lttng_ctl_copy_string(lsm.session.name, handle->session_name,
                        sizeof(lsm.session.name));
@@ -1250,6 +1260,7 @@ int lttng_calibrate(struct lttng_handle *handle,
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_CALIBRATE;
        lttng_ctl_copy_lttng_domain(&lsm.domain, &handle->domain);
 
@@ -1480,6 +1491,7 @@ int lttng_data_pending(const char *session_name)
                return -LTTNG_ERR_INVALID;
        }
 
+       memset(&lsm, 0, sizeof(lsm));
        lsm.cmd_type = LTTNG_DATA_PENDING;
 
        lttng_ctl_copy_string(lsm.session.name, session_name,
This page took 0.06113 seconds and 4 git commands to generate.