changeset 5396:3b5269ad21d2 HEAD

Try to avoid crashes a bit harder with broken cache files.
author Timo Sirainen <tss@iki.fi>
date Fri, 23 Mar 2007 22:47:38 +0200
parents 124e2e48c1f8
children 3a0964ac3a5c
files src/util/idxview.c
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
--- a/src/util/idxview.c	Fri Mar 23 22:46:20 2007 +0200
+++ b/src/util/idxview.c	Fri Mar 23 22:47:38 2007 +0200
@@ -180,6 +180,10 @@
 		i_fatal("cache file fields read() %"PRIuSIZE_T" != %u",
 			ret, fields.size);
 	}
+	printf("fields_count: %u\n", fields.fields_count);
+
+	if (fields.fields_count > 10000)
+		i_fatal("Broken fields_count");
 
 	last_used = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_LAST_USED());
 	size = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_SIZE(fields.fields_count));
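Review bot: The `10000` limit on `fields.fields_count` is a bare magic number with no stated relation to `fields.size`, which is the only quantity the preceding read() check has actually verified. A reader cannot tell whether this is a format limit or just a sanity cap to keep the offset macros below in a sane range. I would add a comment along the lines of `/* sanity cap only; the real bound is the fields.size check below */` and put the offending value into the message, `i_fatal("Broken fields_count: %u", fields.fields_count);`, so the failure shows up in the error output and not only in the `printf` on stdout. The enclosing function starts and ends outside the hunk.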
@@ -187,6 +191,9 @@
 	decision = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_DECISION(fields.fields_count));
 	names = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_NAMES(fields.fields_count));
 
+	if (names - (const char *)buf >= fields.size)
+		i_fatal("Fields go outside allocated size");
+
 	i_array_init(&cache_fields, 64);
 	memset(&field, 0, sizeof(field));
 	for (i = 0; i < fields.fields_count; i++) {
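Review bot: The added bounds check runs only after `CONST_PTR_OFFSET` has already formed the `decision` and `names` pointers from the untrusted `fields_count`, and it proves only that the start of the names area lies inside the buffer. Comparing the offset itself, before any pointer is derived, avoids forming an out-of-range pointer and the mixed signed/unsigned comparison of a pointer difference against `fields.size`: `if (MAIL_CACHE_FIELD_NAMES(fields.fields_count) >= fields.size)`. The loop that begins on the last line of the hunk continues outside it. If it walks `names` as NUL-terminated strings, each name still needs to be bounded by `(const char *)buf + fields.size`, because a cache file whose last name lacks a terminator would pass this check and still be read past the end of the buffer.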