From b78dab175fd5d80ca3a851e17660b776414332a6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Mon, 30 Mar 2020 22:10:36 -0400
Subject: [PATCH] Fix: tracker: NULL pointer dereference after NULL check
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

value_view can be NULL and must thus be checked before use. Moreover, the fix introduced in 1ad5cb59 is erreneous: the function must validate that either:
- value is a 'name' type, value_view is not null, and not len == 0,
- value is an integer and value_view does not contain more data.
In process_attr_value_from_comm: Pointer is checked against null but then dereferenced anyway (CWE-476)
Reported-by: Coverity Scan
Signed-off-by: Jérémie Galarneau
Change-Id: Ia130ef57e10118960f1023338b90f7a10d588ee2
---
 src/common/tracker.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/common/tracker.c b/src/common/tracker.c
index e4aae431d..29249d528 100644
--- a/src/common/tracker.c
+++ b/src/common/tracker.c
@@ -103,7 +103,8 @@ enum lttng_error_code process_attr_value_from_comm(
 }
 
 /* Only expect a payload for name value types. */
- if (is_value_type_name(value_type) && value_view->size == 0) {
+ if (is_value_type_name(value_type) &&
+ (!value_view || value_view->size == 0)) {
 ret = LTTNG_ERR_INVALID_PROTOCOL;
 goto error;
 } else if (!is_value_type_name(value_type) && value_view &&
--
2.34.1
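Review bot: The comment kept above the rewritten condition, `/* Only expect a payload for name value types. */`, states only half of the rule the two branches now enforce, and it does not say that `value_view` may be NULL. Something like `/* Name values require a non-NULL, non-empty payload; any other value type must carry none. */` would record the invariant from the commit message where the next reader will look for it. `is_value_type_name(value_type)` is also evaluated in both branches; hoisting it into `const bool is_name = is_value_type_name(value_type);` would make the two mutually exclusive cases easier to audit in what appears to be validation of a payload received from a peer. The `else if` condition and the rest of process_attr_value_from_comm continue outside the hunk, so whether every later use of `value_view` sits on the name-type path cannot be confirmed from here and is worth checking.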