On Thu, 2019-03-21 at 19:41 -0400, Steven Rostedt wrote: > From: "Steven Rostedt (VMware)" <rostedt@xxxxxxxxxxx> > > If tracecmd_msg_data_send() is passed a size of zero, the loop is not > entered, nothing is sent, but the ret variable is not initialized and > garbage can be sent out. The option code can call this with a size of > zero, > which can cause an error report. > > Just don't do anything in this case, and return a success. > > Signed-off-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx> > --- > tracecmd/trace-msg.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/tracecmd/trace-msg.c b/tracecmd/trace-msg.c > index 51d0ac8b..382bd766 100644 > --- a/tracecmd/trace-msg.c > +++ b/tracecmd/trace-msg.c > @@ -590,6 +590,10 @@ int tracecmd_msg_data_send(struct > tracecmd_msg_handle *msg_handle, > int ret; > int count = 0; > > + /* Don't bother doing anything if there's nothing to do */ > + if (!size) > + return 0; > + > tracecmd_msg_init(MSG_SEND_DATA, &msg); > > msg.buf = malloc(MSG_MAX_DATA_LEN); Nice catch. Definitely a latent bug waiting for someone to step on it. Reviewed-by: Slavomir Kaslev <kaslevs@xxxxxxxxxx> -- Slavi
|