diff --git a/packages/babeltrace2/0001-ctf-grow-stored_values-array-when-necessary.patch b/packages/babeltrace2/0001-ctf-grow-stored_values-array-when-necessary.patch
new file mode 100644
index 0000000..0a023eb
--- /dev/null
+++ b/packages/babeltrace2/0001-ctf-grow-stored_values-array-when-necessary.patch
@@ -0,0 +1,79 @@
+From 795a60c9c7a228da03c2e9977d01d4b6f22e933a Mon Sep 17 00:00:00 2001
+From: Simon Marchi
+Date: Fri, 22 Sep 2023 15:36:20 -0400
+Subject: [PATCH] ctf: grow stored_values array when necessary
+​
+The CTF message iterator accesses the `stored_values` array out of
+bounds in the following situation:
+​
+ - In the context of a src.ctf.lttng-live source, a ctf_trace_class gets
+ created from some metadata.
+ - At this point, ctf_trace_class->stored_value_count indicates that a
+ certain number of stored values are necessary given the metadata
+ parsed up to now.
+ - The message iterators are created with `stored_values` arrays of that
+ size.
+ - The source receives more metadata, which requires more stored
+ values.
+ - The message iterator reads some event described by the new metadata,
+ that requires the use of a stored value.
+ - Since the stored value arrays have not been resized to reflect the
+ necessary number of stored value considering the new metadata, the
+ message iterator tries to store a value past the end of the array.
+​
+Fix this by ensuring the `stored_values` array is large enough before
+storing a value in it.
+​
+Change-Id: I78e3ca57ac6cae1959425df3c8ffdbfeb534f348
+Signed-off-by: Simon Marchi
+---
+ src/plugins/ctf/common/msg-iter/msg-iter.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+​
+diff --git a/src/plugins/ctf/common/msg-iter/msg-iter.c b/src/plugins/ctf/common/msg-iter/msg-iter.c
+index a49462b85977..24924f2b69b6 100644
+--- a/src/plugins/ctf/common/msg-iter/msg-iter.c
++++ b/src/plugins/ctf/common/msg-iter/msg-iter.c
+@@ -1933,6 +1933,22 @@ end:
+ "value=%" PRIu64, msg_it->default_clock_snapshot);
+ }
+
++/*
++ * Ensure the message iterator's `stored_values` array is large enough to
++ * accomodate `storing_index`.
++ *
++ * We may need more slots in the array than initially allocated if more
++ * metadata arrives along the way.
++ */
++static
++void ensure_stored_values_size(struct ctf_msg_iter *msg_it,
++ uint64_t storing_index)
++{
++ if (G_UNLIKELY(storing_index >= msg_it->stored_values->len)) {
++ g_array_set_size(msg_it->stored_values, msg_it->meta.tc->stored_value_count);
++ }
++}
++
+ static
+ enum bt_bfcr_status bfcr_unsigned_int_cb(uint64_t value,
+ struct ctf_field_class *fc, void *data)
+@@ -2001,6 +2017,7 @@ update_def_clock:
+ }
+
+ if (G_UNLIKELY(int_fc->storing_index >= 0)) {
++ ensure_stored_values_size(msg_it, int_fc->storing_index);
+ g_array_index(msg_it->stored_values, uint64_t,
+ (uint64_t) int_fc->storing_index) = value;
+ }
+@@ -2090,6 +2107,7 @@ enum bt_bfcr_status bfcr_signed_int_cb(int64_t value,
+ BT_ASSERT_DBG(int_fc->meaning == CTF_FIELD_CLASS_MEANING_NONE);
+
+ if (G_UNLIKELY(int_fc->storing_index >= 0)) {
++ ensure_stored_values_size(msg_it, int_fc->storing_index);
+ g_array_index(msg_it->stored_values, uint64_t,
+ (uint64_t) int_fc->storing_index) = (uint64_t) value;
+ }
+​
+base-commit: 75daa1081c5cfee4197203dc826f30f58174fbac
+--
+2.42.0
diff --git a/packages/babeltrace2/package.py b/packages/babeltrace2/package.py
index 36e09a6..2a68d6c 100644
--- a/packages/babeltrace2/package.py
+++ b/packages/babeltrace2/package.py
@@ -15,6 +15,7 @@ class Babeltrace2(AutotoolsPackage):
 maintainers = ['Kerilk']
+ version('2.0.5', sha256='7b8f9ef2a7ee7c9ec292d4568811cf6926089b25e49cdaab449e2cb724edf2b4')
 version('2.0.4', sha256='774f116685dab5db9c51577dde43c8c1df482aae6bb78a089b1e9e7c8b489bca')
 version('2.0.3', sha256='a53625152554102d868ba8395347d0daba0bec9c4b854c3e9bd97c77b0bf04a0')
 version('2.0.2', sha256='30c684e8b948fb79b12ee6861957dc3b99f2aba33a11cfb7fbe598e8a4aae24a')
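Review bot: `ensure_stored_values_size()` in the vendored msg-iter.c patch grows `stored_values` to `msg_it->meta.tc->stored_value_count` but never confirms afterwards that `storing_index` is below the new length. Both `g_array_index(...) = value` stores therefore still depend on the trace class count having been updated before the event is decoded. Stating that invariant after the resize, for example `BT_ASSERT_DBG(storing_index < msg_it->stored_values->len);`, would make a violation visible in debug builds; since the metadata comes from an lttng-live peer, an unconditional check may be worth raising upstream. Whether the slots added by `g_array_set_size()` are zero-initialised depends on how the array was created, which is outside this hunk, so a comment stating what a reader of a not-yet-written slot will see would help.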
@@ -42,8 +43,9 @@ class Babeltrace2(AutotoolsPackage):
 depends_on('pkg-config')
 patch('d2d2e6cc.patch')
- patch('0db1832.patch')
+ patch('0db1832.patch', when='@:2.0.4')
 patch('3079913.patch')
+ patch('0001-ctf-grow-stored_values-array-when-necessary.patch', when='@:2.0.5')
 def configure_args(self):
 args = []
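Review bot: The new `patch(..., when='@:2.0.5')` directive has no comment recording that it carries a memory-safety fix or why the bound stops at 2.0.5, so a later maintainer cannot tell when it is safe to drop. I would add a line above it such as `# Out-of-bounds write to stored_values in the CTF message iterator (lttng-live); not in any release up to 2.0.5`. The patch was generated against base-commit 75daa1081c5cfee4197203dc826f30f58174fbac, so it is worth confirming it applies cleanly to every listed release up to 2.0.5 rather than only the newest. The same kind of comment would help on `patch('0db1832.patch', when='@:2.0.4')`; the class body starts and ends outside this hunk.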