* Jérémie Galarneau ([email protected]) wrote:
> Corrupted "ustcomm_ust_msg" received by the listener thread could cause an out
> of bounds access to the cmd_name_mapping array in the traced application.
>
> While this doesn't fix the root cause of the problem, this check should be put
> in place anyway since corrupted messages are not checked for and may bring
> down the tracee.
FYI, this had been fixed by another patch: commit fd67a0045e800401532c095588a1fe5d452a4777 Author: Mathieu Desnoyers <[email protected]> Date: Mon Jun 17 11:19:22 2013 -0400 Fix: segfault when print invalid command Fixes #556 Signed-off-by: Mathieu Desnoyers <[email protected]> > > Fixes #556 > > Signed-off-by: Jérémie Galarneau <[email protected]> > --- > liblttng-ust/lttng-ust-comm.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/liblttng-ust/lttng-ust-comm.c b/liblttng-ust/lttng-ust-comm.c > index ae2e518..1be693f 100644 > --- a/liblttng-ust/lttng-ust-comm.c > +++ b/liblttng-ust/lttng-ust-comm.c > @@ -208,8 +208,9 @@ static > void print_cmd(int cmd, int handle) > { > const char *cmd_name = "Unknown"; > + int cmd_name_mapping_len = sizeof(cmd_name_mapping) / sizeof(char *); > > - if (cmd_name_mapping[cmd]) { > + if (cmd < cmd_name_mapping_len && cmd_name_mapping[cmd]) { > cmd_name = cmd_name_mapping[cmd]; > } > DBG("Message Received \"%s\", Handle \"%s\" (%d)", cmd_name, > -- > 1.8.2.3 > > > _______________________________________________ > lttng-dev mailing list > [email protected] > http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com _______________________________________________ lttng-dev mailing list [email protected] http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
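Review bot: In print_cmd(), the new condition `cmd < cmd_name_mapping_len` checks only the upper bound, and `cmd` is a signed `int`, so a negative value from a corrupted message still passes the test and indexes before the start of cmd_name_mapping. Suggest `if (cmd >= 0 && cmd < cmd_name_mapping_len && cmd_name_mapping[cmd])`, or doing the comparison on an unsigned value. Computing the length as `sizeof(cmd_name_mapping) / sizeof(cmd_name_mapping[0])` instead of dividing by `sizeof(char *)` would also keep the bound correct if the array's element type ever changes.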
