From 1ad5cb59f0444bf6cbbb57351714fa7f445bf1ac Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Fri, 27 Mar 2020 11:27:13 -0400
Subject: [PATCH] Fix: sessiond: NULL pointer dereference after NULL check
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The process attribute value deserialization allows the buffer view to be NULL when the value's type is not USER_NAME nor GROUP_NAME. This is not checked when ensuring that no string is passed (len == 0) in the case of integral values. A NULL check is added to the condition.

Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau
Change-Id: I343f747c325f739196284dadd3c407cfb4084268
---
 src/common/tracker.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/common/tracker.c b/src/common/tracker.c
index 0f69c775b..e4aae431d 100644
--- a/src/common/tracker.c
+++ b/src/common/tracker.c
@@ -106,7 +106,8 @@ enum lttng_error_code process_attr_value_from_comm(
 if (is_value_type_name(value_type) && value_view->size == 0) {
 ret = LTTNG_ERR_INVALID_PROTOCOL;
 goto error;
- } else if (!is_value_type_name(value_type) && value_view &&
- value_view->size != 0) {
 ret = LTTNG_ERR_INVALID_PROTOCOL;
 goto error;
 }
-- 
2.34.1
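Review bot: The first branch of this chain, `if (is_value_type_name(value_type) && value_view->size == 0)`, still dereferences `value_view` with no guard of its own, so it is only safe if a check above the hunk rejects a NULL view for USER_NAME/GROUP_NAME values. That check is not visible here, since process_attr_value_from_comm starts and ends outside the hunk, and the commit message only says NULL is allowed for the non-name types. Because this function deserializes a value received over the command protocol, I would make the invariant local by writing `if (is_value_type_name(value_type) && (!value_view || value_view->size == 0)) {`. If the earlier check is meant to stay the single gate, a comment such as `/* value_view is non-NULL for name types, checked above. */` would keep the next reader and the static analyzer from re-raising the same question.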