dovecot-2.2: lib-index: Assert-crash instead of writing a broken...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jun 25 15:48:30 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/8cf482b749e2
changeset: 16552:8cf482b749e2
user: Timo Sirainen <tss at iki.fi>
date: Tue Jun 25 15:47:48 2013 +0300
description:
lib-index: Assert-crash instead of writing a broken transaction with too large ext header update.
diffstat:
src/lib-index/mail-index-transaction-export.c | 21 ++++++++++++++-------
1 files changed, 14 insertions(+), 7 deletions(-)
diffs (84 lines):
diff -r 04c64300f81f -r 8cf482b749e2 src/lib-index/mail-index-transaction-export.c
--- a/src/lib-index/mail-index-transaction-export.c Tue Jun 25 15:46:50 2013 +0300
+++ b/src/lib-index/mail-index-transaction-export.c Tue Jun 25 15:47:48 2013 +0300
@@ -82,7 +82,8 @@
}
static void log_append_ext_intro(struct mail_index_export_context *ctx,
- uint32_t ext_id, uint32_t reset_id)
+ uint32_t ext_id, uint32_t reset_id,
+ unsigned int *hdr_size_r)
{
struct mail_index_transaction *t = ctx->trans;
const struct mail_index_registered_ext *rext;
@@ -161,11 +162,13 @@
}
log_append_buffer(ctx, buf, MAIL_TRANSACTION_EXT_INTRO);
+ *hdr_size_r = intro->hdr_size;
}
static void
log_append_ext_hdr_update(struct mail_index_export_context *ctx,
- const struct mail_index_transaction_ext_hdr_update *hdr)
+ const struct mail_index_transaction_ext_hdr_update *hdr,
+ unsigned int ext_hdr_size)
{
buffer_t *buf;
const unsigned char *data, *mask;
@@ -197,6 +200,7 @@
u.size = u32.size;
buffer_append(buf, &u, sizeof(u));
}
+ i_assert(u32.offset + u32.size <= ext_hdr_size);
buffer_append(buf, data + u32.offset, u32.size);
started = FALSE;
}
@@ -216,7 +220,7 @@
const struct mail_index_transaction_ext_hdr_update *hdrs;
struct mail_transaction_ext_reset ext_reset;
unsigned int resize_count, ext_count = 0;
- unsigned int hdrs_count, reset_id_count, reset_count;
+ unsigned int hdrs_count, reset_id_count, reset_count, hdr_size;
uint32_t ext_id, reset_id;
const struct mail_transaction_ext_reset *reset;
const uint32_t *reset_ids;
@@ -276,7 +280,9 @@
reset_id = ext_id < reset_id_count ?
reset_ids[ext_id] : 0;
}
- log_append_ext_intro(ctx, ext_id, reset_id);
+ log_append_ext_intro(ctx, ext_id, reset_id, &hdr_size);
+ } else {
+ hdr_size = 0;
}
if (ext_reset.new_reset_id != 0) {
i_assert(ext_id < reset_id_count &&
@@ -286,7 +292,8 @@
}
if (ext_id < hdrs_count && hdrs[ext_id].alloc_size > 0) {
T_BEGIN {
- log_append_ext_hdr_update(ctx, &hdrs[ext_id]);
+ log_append_ext_hdr_update(ctx, &hdrs[ext_id],
+ hdr_size);
} T_END;
}
}
@@ -299,7 +306,7 @@
struct mail_index_transaction *t = ctx->trans;
const ARRAY_TYPE(seq_array) *updates;
const uint32_t *reset_ids;
- unsigned int ext_id, count, reset_id_count;
+ unsigned int ext_id, count, reset_id_count, hdr_size;
uint32_t reset_id;
if (!array_is_created(&t->ext_reset_ids)) {
@@ -316,7 +323,7 @@
continue;
reset_id = ext_id < reset_id_count ? reset_ids[ext_id] : 0;
- log_append_ext_intro(ctx, ext_id, reset_id);
+ log_append_ext_intro(ctx, ext_id, reset_id, &hdr_size);
log_append_buffer(ctx, updates[ext_id].arr.buffer, type);
}
More information about the dovecot-cvs
mailing list