When a new trace buffer is read from the trace file, a new input handler is duplicated from the top one. Some of these data are poiters and should not be duplicated, as it could lead to a memory corruption on handler close. Added a safety check to ensure requested buffer index is valid. Signed-off-by: Tzvetomir Stoyanov (VMware) <tz.stoyanov@xxxxxxxxx> --- lib/trace-cmd/trace-input.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/trace-cmd/trace-input.c b/lib/trace-cmd/trace-input.c index af11cbc6..787d6825 100644 --- a/lib/trace-cmd/trace-input.c +++ b/lib/trace-cmd/trace-input.c @@ -3946,13 +3946,14 @@ struct tracecmd_input * tracecmd_buffer_instance_handle(struct tracecmd_input *handle, int indx) { struct tracecmd_input *new_handle; - struct input_buffer_instance *buffer = &handle->buffers[indx]; + struct input_buffer_instance *buffer; size_t offset; ssize_t ret; if (indx >= handle->nr_buffers) return NULL; + buffer = &handle->buffers[indx]; /* * We make a copy of the current handle, but we substitute * the cpu data with the cpu data for this buffer. @@ -3966,6 +3967,7 @@ tracecmd_buffer_instance_handle(struct tracecmd_input *handle, int indx) new_handle->nr_buffers = 0; new_handle->buffers = NULL; new_handle->version = NULL; + new_handle->guest = NULL; new_handle->ref = 1; if (handle->trace_clock) { new_handle->trace_clock = strdup(handle->trace_clock); -- 2.31.1
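Review bot: The relocated bounds check on the new side still lets a negative index through: `indx` is a plain `int`, so `indx >= handle->nr_buffers` is false for any negative value and the following `buffer = &handle->buffers[indx];` then forms a pointer before the start of the array (unless `nr_buffers` is unsigned, which is not visible in this hunk). The guard should read `if (indx < 0 || indx >= handle->nr_buffers) return NULL;`. Moving the address computation after the check is the right call on its own, since `&handle->buffers[indx]` with an out-of-range index is already undefined behaviour before anything is dereferenced. The body of tracecmd_buffer_instance_handle continues past the end of the hunk.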
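Review bot: The run of assignments that now includes `new_handle->guest = NULL;` carries the ownership rule the commit message describes, but nothing in the code says so: the copy of `*handle` made just before this hunk presumably duplicates every member, and any pointer not reset here is freed once by the copy's close path and once by the parent's. A comment above `new_handle->nr_buffers = 0;` along the lines of `/* Parent keeps ownership of these; clear them so closing the copy does not free them twice. Any new pointer member of struct tracecmd_input needs an entry here. */` would make the invariant findable the next time a field is added. It is also worth confirming whether `guest` has a companion count or list state that the close path consults, since `buffers` needed `nr_buffers` zeroed alongside it; the hunk does not show enough of the struct to tell.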