From: Jérémie Galarneau Date: Fri, 8 Jul 2022 15:45:01 +0000 (-0400) Subject: Fix: sessiond: null pointer dereference on initial evaluation of session X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=d5ea894457d77598d1bb51ff1d4ba6f1d66fcc3c Fix: sessiond: null pointer dereference on initial evaluation of session Coverity reports: 1490492 Dereference after null check Either the check against null is unnecessary, or there may be a null pointer dereference. In evaluate_session_condition(lttng_condition const *, session_info const *, session_state_sample const *, lttng_evaluation **): Pointer is checked against null but then dereferenced anyway (CWE-476) This function is used to evaluate the initial state of a session and its transitions against a given condition. In the case of an initial evaluation, the wrong state sample is used which results in a null dereference. Signed-off-by: Jérémie Galarneau Change-Id: Ia465e26d2bf0dae725504915fa62332ecf8c7784 --- diff --git a/src/bin/lttng-sessiond/notification-thread-events.cpp b/src/bin/lttng-sessiond/notification-thread-events.cpp index 43879c99f..6fb691be5 100644 --- a/src/bin/lttng-sessiond/notification-thread-events.cpp +++ b/src/bin/lttng-sessiond/notification-thread-events.cpp @@ -1107,13 +1107,12 @@ int evaluate_session_condition( } case LTTNG_CONDITION_TYPE_SESSION_ROTATION_COMPLETED: { - const auto rotation_id = new_state ? - new_state->rotation.id : - session_info->last_state_sample.rotation.id; + const auto& sample = new_state ? *new_state : session_info->last_state_sample; + const auto rotation_id = sample.rotation.id; /* Callee acquires a reference to location. */ *evaluation = lttng_evaluation_session_rotation_completed_create( - rotation_id, new_state->rotation.location); + rotation_id, sample.rotation.location); break; } case LTTNG_CONDITION_TYPE_SESSION_CONSUMED_SIZE:
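
Review bot: In the LTTNG_CONDITION_TYPE_SESSION_ROTATION_COMPLETED case, sample.rotation.location now comes from session_info->last_state_sample whenever new_state is null, and nothing in the visible lines shows that this location is populated on an initial evaluation. The existing comment says only that the callee acquires a reference to location, so please confirm that lttng_evaluation_session_rotation_completed_create() accepts an unset (null) location, or guard it here, and extend the comment to say which sample is used in the initial-evaluation path. Minor style point in the same case: with sample bound, the rotation_id local is used once and could be dropped in favour of passing sample.rotation.id directly. The visible diff also carries no test for the new_state == nullptr path that Coverity flagged; a regression check for the initial evaluation of this condition would keep the selection of the sample from drifting again.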