From b5df6b5a31b86b4403f00b7e0230c97883eca0f3 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Tue, 6 Aug 2024 11:32:10 +0200
Subject: [PATCH] BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()

When calling TRACE_ENABLED(), which is called by TRACE_PRINTF(), we pass a NULL plockptr to __trace_enabled(). This argument is used when lockon is active, and may update the pointer. This is an overlook which also broke the lockon mechanism because now for calls from __trace(), it dereferences a pointer pointing to NULL, and never updates it due to the broken condition, so that trace() never sets up src->lockon_ptr.

The bug was introduced in 2.8 by commit 8f9a9704bb ("MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active"), so the fix must be backported there.
---
 src/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/trace.c b/src/trace.c
index a2fd31e04..8f6519dfb 100644
--- a/src/trace.c
+++ b/src/trace.c
@@ -205,7 +205,7 @@ int __trace_enabled(enum trace_level level, uint64_t mask, struct trace_source *
 		if (src->lockon_ptr && src->lockon_ptr != lockon_ptr)
 			return 0;
 
-		if (*plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING)
+		if (plockptr && !src->lockon_ptr && lockon_ptr && src->state == TRACE_STATE_RUNNING)
 			*plockptr = lockon_ptr;
 	}
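Review bot: The new guard on the changed `if` line makes `*plockptr = lockon_ptr` safe for callers that pass a NULL `plockptr`, but nothing in the code records that NULL is an accepted value, so the next caller or refactor can reintroduce the dereference; add a comment on that line such as `/* plockptr may be NULL (TRACE_ENABLED() passes none); only record the lock-on entity when the caller gave us somewhere to store it */`. Since the commit message says the NULL originates from TRACE_ENABLED(), the function's header comment (outside this hunk) should state the same contract, and any other use of `plockptr` in `__trace_enabled()` beyond the hunk should be checked for the same unguarded dereference. The check-then-set on the lock-on state (tested via `!src->lockon_ptr`, then written through `*plockptr`) is not atomic; if trace sources are shared between threads, which the hunk does not show, two threads can both pass the test and the last writer wins — probably benign for a debugging aid, but worth a comment so nobody relies on first-writer-wins semantics. `__trace_enabled()` starts before and ends after this hunk.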