From d178741eff1b9d6f6a6ceb7d620bb76163322b64 Mon Sep 17 00:00:00 2001 From: Megh Bhatt Date: Thu, 28 Jul 2016 16:34:38 -0700 Subject: [PATCH] Prevent access after free of trace messages Add a GetNextSeqNum() function and call it to set the sequence number in the trace message before calling TraceWrite(). Change-Id: I2d71e63421f5732648d40da69f1b5e65e520950d Partial-Bug: #1602899 --- src/base/trace.h | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/base/trace.h b/src/base/trace.h index 883b93fe289..21942f7f949 100644 --- a/src/base/trace.h +++ b/src/base/trace.h @@ -24,8 +24,8 @@ class TraceBuffer { trace_buf_(trace_buf_size_), write_index_(0), read_index_(0), - wrap_(false), - seqno_(0) { + wrap_(false) { + seqno_ = 0; trace_enable_ = trace_enable; } @@ -54,7 +54,7 @@ class TraceBuffer { return trace_buf_size_; } - uint32_t TraceWrite(TraceEntryT *trace_entry) { + void TraceWrite(TraceEntryT *trace_entry) { tbb::mutex::scoped_lock lock(mutex_); // Add the trace @@ -90,13 +90,15 @@ class TraceBuffer { read_context_map_.erase(it); } } + } + uint32_t GetNextSeqNum() { + uint32_t nseqno(seqno_.fetch_and_increment()); // Reset seqno_ if it reaches max value - if (++seqno_ > kMaxSeqno) { + if (nseqno > kMaxSeqno) { seqno_ = kMinSeqno; } - - return seqno_; + return nseqno; } void TraceRead(const std::string& context, const int count, @@ -166,7 +168,7 @@ class TraceBuffer { // trace message in the trace buffer bool wrap_; // indicates if the trace buffer is wrapped ReadContextMap read_context_map_; // stores the read context - uint32_t seqno_; + tbb::atomic seqno_; tbb::mutex mutex_; // Reserve 0 and max(uint32_t)