From 74675e31d64f06986e335dffcb5e3ef5ce7c76c8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Fri, 27 Mar 2020 11:07:10 -0400
Subject: [PATCH] Fix: sessiond: missing goto in error handler
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The trace_ust inclusion set add/remove methods do not jump to the end label after checking the `tracker` variable. This can result in a NULL pointer dereference when an invalid process attribute is specified. The same problem appears in save_process_attr_trackers() and process_attr_value_from_comm(). The missing jump (goto) is added in all cases.
Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau
Change-Id: I473e008e5330a4c3820c8ab7c57ce4f2961e79b2
---
 src/bin/lttng-sessiond/save.c | 1 +
 src/bin/lttng-sessiond/trace-ust.c | 2 ++
 src/common/tracker.c | 1 +
 3 files changed, 4 insertions(+)
diff --git a/src/bin/lttng-sessiond/save.c b/src/bin/lttng-sessiond/save.c
index c3ae62791..822662ef5 100644
--- a/src/bin/lttng-sessiond/save.c
+++ b/src/bin/lttng-sessiond/save.c
@@ -2079,6 +2079,7 @@ static int save_process_attr_trackers(struct config_writer *writer,
 break;
 default:
 ret = LTTNG_ERR_INVALID;
+ goto end;
 }
 ret = LTTNG_OK;
 end:
diff --git a/src/bin/lttng-sessiond/trace-ust.c b/src/bin/lttng-sessiond/trace-ust.c
index 4432fca23..80dd8dc54 100644
--- a/src/bin/lttng-sessiond/trace-ust.c
+++ b/src/bin/lttng-sessiond/trace-ust.c
@@ -1033,6 +1033,7 @@ enum lttng_error_code trace_ust_process_attr_tracker_inclusion_set_add_value(
 tracker = _trace_ust_get_process_attr_tracker(session, process_attr);
 if (!tracker) {
 ret_code = LTTNG_ERR_INVALID;
+ goto end;
 }
 status = process_attr_tracker_inclusion_set_add_value(tracker, value);
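Review bot: In save_process_attr_trackers() (save.c), the unconditional `ret = LTTNG_OK;` just before `end:` overwrites whatever an earlier arm stored in `ret`, which is how the `default:` arm's LTTNG_ERR_INVALID was lost until this `goto end;` was added. Nothing at that assignment warns whoever adds the next `case`, so I would document the invariant there, for example `/* Success only: every error path above must jump to end. */`. The hunk header also shows the function returning `int` while the visible assignments store LTTNG_* error codes. The function starts outside the hunk, so I cannot tell what callers expect, but the function comment should say which set of values is returned.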
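Review bot: The NULL-`tracker` path fixed in trace_ust_process_attr_tracker_inclusion_set_add_value(), and identically in trace_ust_process_attr_tracker_inclusion_set_remove_value() in the next trace-ust.c hunk, has no regression test in this patch; the diffstat lists only the three source files. The commit message says the dereference is reached by specifying an invalid process attribute, so a test that passes one to both functions and expects LTTNG_ERR_INVALID would keep the session daemon crash from coming back. The two functions repeat the same lookup-and-check sequence, which is presumably how both lost the jump. A small static helper that does the lookup and yields the error code would leave one place to get it right. Both bodies start and end outside their hunks, so what runs at `end:` is not visible here.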
@@ -1141,6 +1142,7 @@ enum lttng_error_code trace_ust_process_attr_tracker_inclusion_set_remove_value(
 tracker = _trace_ust_get_process_attr_tracker(session, process_attr);
 if (!tracker) {
 ret_code = LTTNG_ERR_INVALID;
+ goto end;
 }
 status = process_attr_tracker_inclusion_set_remove_value(
diff --git a/src/common/tracker.c b/src/common/tracker.c
index c27d97655..0f69c775b 100644
--- a/src/common/tracker.c
+++ b/src/common/tracker.c
@@ -85,6 +85,7 @@ enum lttng_error_code process_attr_value_from_comm(
 name = strdup(value_view->data);
 if (!name) {
 ret = LTTNG_ERR_NOMEM;
+ goto error;
 }
 }
--
2.34.1
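Review bot: `strdup(value_view->data)` in process_attr_value_from_comm() (tracker.c) copies up to the first NUL byte, and nothing in this hunk shows that the view was checked to contain a terminator within its bounds. The function name suggests the view holds bytes received from a peer, and the body starts outside the hunk, so the check may already exist above. If it does not, a payload without a terminator would make strdup() read past the end of the buffer. I would either confirm the check and note it next to the call, e.g. `/* value_view was verified to be NUL-terminated above. */`, or add it before the `strdup()` and fail with LTTNG_ERR_INVALID. The added `goto error;` itself looks correct as far as the hunk shows.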