Merged, thanks! Mathieu
----- Original Message ----- > From: "Jérémie Galarneau" <[email protected]> > To: [email protected] > Sent: Friday, November 29, 2013 7:26:42 PM > Subject: [lttng-dev] [PATCH babeltrace] Fix ctf-writer: possible use after > free > > ctf_stream_pos' base_mma member must be copied from stream->pos before > updating the final packet and content sizes. The original base_mma > structure will be reallocated if the packet is resized. > > Signed-off-by: Jérémie Galarneau <[email protected]> > --- > formats/ctf/writer/stream.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/formats/ctf/writer/stream.c b/formats/ctf/writer/stream.c > index ac89429..4efb369 100644 > --- a/formats/ctf/writer/stream.c > +++ b/formats/ctf/writer/stream.c > @@ -464,7 +464,10 @@ int bt_ctf_stream_flush(struct bt_ctf_stream *stream) > /* > * Update the packet total size and content size and overwrite the > * packet context. > + * Copy base_mma as the packet may have been remapped (e.g. when a > + * packet is resized). > */ > + packet_context_pos.base_mma = stream->pos.base_mma; > ret = set_structure_field_integer(stream_class->packet_context, > "content_size", stream->pos.offset); > if (ret) { > -- > 1.8.4.2 > > > _______________________________________________ > lttng-dev mailing list > [email protected] > http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev > -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com _______________________________________________ lttng-dev mailing list [email protected] http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
