From: Jérémie Galarneau Date: Tue, 31 Mar 2020 02:10:36 +0000 (-0400) Subject: Fix: tracker: NULL pointer dereference after NULL check X-Git-Tag: v2.13.0-rc1~700 X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=b78dab175fd5d80ca3a851e17660b776414332a6 Fix: tracker: NULL pointer dereference after NULL check value_view can be NULL and must thus be checked before use. Moreover, the fix introduced in 1ad5cb59 is erroneous: the function must validate that either: - value is a 'name' type, value_view is not null, and not len == 0, - value is an integer and value_view does not contain more data. In process_attr_value_from_comm: Pointer is checked against null but then dereferenced anyway (CWE-476) Reported-by: Coverity Scan Signed-off-by: Jérémie Galarneau Change-Id: Ia130ef57e10118960f1023338b90f7a10d588ee2 --- diff --git a/src/common/tracker.c b/src/common/tracker.c index e4aae431d..29249d528 100644 --- a/src/common/tracker.c +++ b/src/common/tracker.c @@ -103,7 +103,8 @@ enum lttng_error_code process_attr_value_from_comm( } /* Only expect a payload for name value types. */ - if (is_value_type_name(value_type) && value_view->size == 0) { + if (is_value_type_name(value_type) && + (!value_view || value_view->size == 0)) { ret = LTTNG_ERR_INVALID_PROTOCOL; goto error; } else if (!is_value_type_name(value_type) && value_view &&
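Review bot: The comment kept above the changed condition in the @@ -103 hunk of src/common/tracker.c, "Only expect a payload for name value types.", no longer covers what the check enforces. With (!value_view || value_view->size == 0) a name-typed value is now rejected with LTTNG_ERR_INVALID_PROTOCOL both when the view is empty and when there is no view at all. I would rewrite the comment to state the two invariants from the commit message: a name type requires a non-NULL, non-empty view, and an integer type must carry no extra data. Two smaller points on the same lines: is_value_type_name(value_type) is evaluated in both the if and the else-if branch, so a local const bool would make the two conditions easier to compare side by side; and since the message says the earlier fix in 1ad5cb59 got this validation wrong, a regression test that passes a name-typed value with a NULL view would keep the condition from regressing a third time.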