Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 2edfb89f28f6d208e3201423f20cf6860b96cf85^! / .
commit2edfb89f28f6d208e3201423f20cf6860b96cf85[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Tue Aug 06 11:32:10 2024 +0200
committerWilly Tarreau <w@1wt.eu>Thu Sep 05 17:28:27 2024 +0200
treedfd901307cddf58218be5d0987988a7ea92b76cb
parent16f1113c74ef5ba10804b7da0b060b369dbf95a9 [diff]
BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()

When calling TRACE_ENABLED(), which is called by TRACE_PRINTF(), we pass
a NULL plockptr to __trace_enabled(). This argument is used when lockon
is active, and may update the pointer. This is an overlook which also
broke the lockon mechanism because now for calls from __trace(), it
dereferences a pointer pointing to NULL, and never updates it due to the
broken condition, so that trace() never sets up src->lockon_ptr.

The bug was introduced in 2.8 by commit 8f9a9704bb ("MINOR: trace: add a
TRACE_ENABLED() macro to determine if a trace is active"), so the fix must
be backported there.

(cherry picked from commit b5df6b5a31b86b4403f00b7e0230c97883eca0f3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit fe71ad89da6638be39f71824cdab7ef015a575d2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 554237cc442ba57ff166bf41d3d244589b01a138)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/trace.c b/src/trace.c
index 733bb25..c045a32 100644
--- a/src/trace.c
+++ b/src/trace.c

@@ -205,7 +205,7 @@
 		if (src->lockon_ptr && src->lockon_ptr != lockon_ptr)
 			return 0;
 
-		if (*plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING)
+		if (plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING)
 			*plockptr = lockon_ptr;
 	}