From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>
If there are no parameters passed to the guest agent, then the loop
inside tracecmd_msg_read_data() will not iterate and the msg variable
will be accessed (freed) without being initailized causing a possible
SEGFAULT.
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
---
lib/trace-cmd/trace-msg.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/trace-cmd/trace-msg.c b/lib/trace-cmd/trace-msg.c
index 9c26401a..342d03e4 100644
--- a/lib/trace-cmd/trace-msg.c
+++ b/lib/trace-cmd/trace-msg.c
@@ -980,6 +980,8 @@ int tracecmd_msg_read_data(struct tracecmd_msg_handle *msg_handle, int ofd)
ssize_t s;
int ret;
+ memset(&msg, 0, sizeof(msg));
+
while (!tracecmd_msg_done(msg_handle)) {
n = read_msg_data(msg_handle, &msg);
if (n <= 0)
--
2.35.1
|