Fix: tracker: NULL pointer dereference after NULL check

value_view can be NULL and must thus be checked before use.

Moreover, the fix introduced in 1ad5cb59 is erreneous: the
function must validate that either:
  - value is a 'name' type, value_view is not null, and not len == 0,
  - value is an integer and value_view does not contain more data.

In process_attr_value_from_comm: Pointer is checked against null but
then dereferenced anyway (CWE-476)

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: Ia130ef57e10118960f1023338b90f7a10d588ee2

diff --git a/src/common/tracker.c b/src/common/tracker.c
index e4aae431d19a4896c818267c4ab781c0b85bac08..29249d528bc8da1f1a7b71e00381cc24b65d1678 100644 (file)
--- a/src/common/tracker.c
+++ b/src/common/tracker.c
@@ -103,7 +103,8 @@ enum lttng_error_code process_attr_value_from_comm(
        }
 
        /* Only expect a payload for name value types. */
        }
 
        /* Only expect a payload for name value types. */

-       if (is_value_type_name(value_type) && value_view->size == 0) {
+       if (is_value_type_name(value_type) &&
+                       (!value_view || value_view->size == 0)) {

                ret = LTTNG_ERR_INVALID_PROTOCOL;
                goto error;
        } else if (!is_value_type_name(value_type) && value_view &&
                ret = LTTNG_ERR_INVALID_PROTOCOL;
                goto error;
        } else if (!is_value_type_name(value_type) && value_view &&