From d5ea894457d77598d1bb51ff1d4ba6f1d66fcc3c Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Fri, 8 Jul 2022 11:45:01 -0400 Subject: [PATCH] Fix: sessiond: null pointer dereference on initial evaluation of session MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Coverity reports: 1490492 Dereference after null check Either the check against null is unnecessary, or there may be a null pointer dereference. In evaluate_session_condition(lttng_condition const *, session_info const *, session_state_sample const *, lttng_evaluation **): Pointer is checked against null but then dereferenced anyway (CWE-476) This function is used to evaluate the initial state of a session and its transitions against a given condition. In the case of an initial evaluation, the wrong state sample is used which results in a null dereference. Signed-off-by: Jérémie Galarneau Change-Id: Ia465e26d2bf0dae725504915fa62332ecf8c7784 --- src/bin/lttng-sessiond/notification-thread-events.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/bin/lttng-sessiond/notification-thread-events.cpp b/src/bin/lttng-sessiond/notification-thread-events.cpp index 43879c99f..6fb691be5 100644 --- a/src/bin/lttng-sessiond/notification-thread-events.cpp +++ b/src/bin/lttng-sessiond/notification-thread-events.cpp 
@@ -1107,13 +1107,12 @@ int evaluate_session_condition( } case LTTNG_CONDITION_TYPE_SESSION_ROTATION_COMPLETED: { - const auto rotation_id = new_state ? - new_state->rotation.id : - session_info->last_state_sample.rotation.id; + const auto& sample = new_state ? *new_state : session_info->last_state_sample; + const auto rotation_id = sample.rotation.id; /* Callee acquires a reference to location. */ *evaluation = lttng_evaluation_session_rotation_completed_create( - rotation_id, new_state->rotation.location); + rotation_id, sample.rotation.location); break; } case LTTNG_CONDITION_TYPE_SESSION_CONSUMED_SIZE: -- 2.34.1
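Review bot: The fallback branch now passes `sample.rotation.location` from `session_info->last_state_sample` on the initial evaluation (`new_state == nullptr`), and nothing in the hunk shows whether that location is guaranteed non-null for a session that has never completed a rotation or whether `lttng_evaluation_session_rotation_completed_create` tolerates a null location; the existing `/* Callee acquires a reference to location. */` comment suggests it dereferences it, so please confirm, since a null here would reintroduce the same sessiond crash (a local denial of service) the commit fixes. The `const auto&` binding is sound as written because both conditional operands are const lvalues of the same type, so no copy or temporary is created — worth keeping that way if `last_state_sample`'s type ever changes. I would also document why the sample is chosen, e.g. above the `sample` line: `/* Initial evaluation has no new state: evaluate against the last known sample. */`. The hunk relies on the post-switch handling of a null `*evaluation` (allocation failure), which lies outside the hunk; evaluate_session_condition starts and ends outside this hunk.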