Corrupted "ustcomm_ust_msg" received by the listener thread could cause an out of bounds access to the cmd_name_mapping array in the traced application.
While this doesn't fix the root cause of the problem, this check should be put in place anyway since corrupted messages are not checked for and may bring down the tracee. Fixes #556 Signed-off-by: Jérémie Galarneau <[email protected]> --- liblttng-ust/lttng-ust-comm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c index ae2e518..1be693f 100644 --- a/liblttng-ust/lttng-ust-comm.c +++ b/liblttng-ust/lttng-ust-comm.c @@ -208,8 +208,9 @@ static void print_cmd(int cmd, int handle) { const char *cmd_name = "Unknown"; + int cmd_name_mapping_len = sizeof(cmd_name_mapping) / sizeof(char *); - if (cmd_name_mapping[cmd]) { + if (cmd < cmd_name_mapping_len && cmd_name_mapping[cmd]) { cmd_name = cmd_name_mapping[cmd]; } DBG("Message Received \"%s\", Handle \"%s\" (%d)", cmd_name, -- 1.8.2.3
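Review bot: The new condition `if (cmd < cmd_name_mapping_len && cmd_name_mapping[cmd])` only bounds the upper end of the index. `cmd` is a signed `int` (see `print_cmd(int cmd, int handle)`), so a corrupted message carrying a negative command value still passes the comparison and reads before the start of `cmd_name_mapping`. Suggest `cmd >= 0 && cmd < cmd_name_mapping_len && cmd_name_mapping[cmd]`, or make the index and the length unsigned so a single comparison covers both ends. As a smaller style point, `sizeof(cmd_name_mapping) / sizeof(cmd_name_mapping[0])` would avoid hard-coding the element type as `char *` in the length computation. Since the commit message says the root cause is not addressed here, a short comment at the check noting that `cmd` comes from an unvalidated message would help the next reader.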
