projects
/
lttng-tools.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix: unchecked buffer size for communication header
[lttng-tools.git]
/
src
/
common
/
condition.c
diff --git
a/src/common/condition.c
b/src/common/condition.c
index 427c49e093ec3c4621161d32f94eefba730e7bf7..cffe6cf5e2b7408034781f23063681bebe9f2f7c 100644
(file)
--- a/
src/common/condition.c
+++ b/
src/common/condition.c
@@
-132,16
+132,25
@@
ssize_t lttng_condition_create_from_payload(
struct lttng_condition **condition)
{
ssize_t ret, condition_size = 0;
struct lttng_condition **condition)
{
ssize_t ret, condition_size = 0;
- const struct lttng_condition_comm *condition_comm;
condition_create_from_payload_cb create_from_payload = NULL;
condition_create_from_payload_cb create_from_payload = NULL;
+ const struct lttng_condition_comm *condition_comm;
+ const struct lttng_payload_view condition_comm_view =
+ lttng_payload_view_from_view(
+ view, 0, sizeof(*condition_comm));
if (!view || !condition) {
ret = -1;
goto end;
}
if (!view || !condition) {
ret = -1;
goto end;
}
+ if (!lttng_payload_view_is_valid(&condition_comm_view)) {
+ /* Payload not large enough to contain the header. */
+ ret = -1;
+ goto end;
+ }
+
DBG("Deserializing condition from buffer");
DBG("Deserializing condition from buffer");
- condition_comm = (typeof(condition_comm))
view->
buffer.data;
+ condition_comm = (typeof(condition_comm))
condition_comm_view.
buffer.data;
condition_size += sizeof(*condition_comm);
switch ((enum lttng_condition_type) condition_comm->condition_type) {
condition_size += sizeof(*condition_comm);
switch ((enum lttng_condition_type) condition_comm->condition_type) {
This page took
0.02459 seconds
and
4
git commands to generate.