From: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Date: Fri, 27 Mar 2020 15:27:13 +0000 (-0400)
Subject: Fix: sessiond: NULL pointer dereference after NULL check
X-Git-Tag: v2.13.0-rc1~701
X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=1ad5cb59f0444bf6cbbb57351714fa7f445bf1ac;hp=74675e31d64f06986e335dffcb5e3ef5ce7c76c8;ds=sidebyside

Fix: sessiond: NULL pointer dereference after NULL check

The process attribute value deserialization allows the buffer view to
be NULL when the value's type is not USER_NAME nor GROUP_NAME. This is
not checked when ensuring that no string is passed (len == 0) in the
case of integral values.

A NULL check is added to the condition.

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I343f747c325f739196284dadd3c407cfb4084268
---

diff --git a/src/common/tracker.c b/src/common/tracker.c
index 0f69c775b..e4aae431d 100644
--- a/src/common/tracker.c
+++ b/src/common/tracker.c
@@ -106,7 +106,8 @@ enum lttng_error_code process_attr_value_from_comm(
 	if (is_value_type_name(value_type) && value_view->size == 0) {
 		ret = LTTNG_ERR_INVALID_PROTOCOL;
 		goto error;
-	} else if (!is_value_type_name(value_type) && value_view->size != 0) {
+	} else if (!is_value_type_name(value_type) && value_view &&
+			value_view->size != 0) {
 		ret = LTTNG_ERR_INVALID_PROTOCOL;
 		goto error;
 	}