Mercurial > dovecot > core-2.2

changeset 17469:54f1beb8d071

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fts: Improved doveadm fts dump for corrupted expunge log Although we may still be trying to allocate up to 2 GB of memory, but at least no more than that now. Found by Coverity
author Timo Sirainen <tss@iki.fi>
date Fri, 13 Jun 2014 01:11:24 +0300
parents aac4f4b886d2
children ecbe9abc14e3
files src/plugins/fts/doveadm-dump-fts-expunge-log.c
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/plugins/fts/doveadm-dump-fts-expunge-log.c	Fri Jun 13 01:02:48 2014 +0300
+++ b/src/plugins/fts/doveadm-dump-fts-expunge-log.c	Fri Jun 13 01:11:24 2014 +0300
@@ -36,6 +36,11 @@
 	if (ret != sizeof(rec))
 		i_fatal("rec read() %d != %d", (int)ret, (int)sizeof(rec));
 
+	if (rec.record_size < sizeof(rec) + sizeof(uint32_t) ||
+	    rec.record_size > INT_MAX) {
+		i_fatal("Invalid record_size=%u at offset %"PRIuUOFF_T,
+			rec.record_size, offset);
+	}
 	data_size = rec.record_size - sizeof(rec);
 	buffer_set_used_size(buf, 0);
 	data = buffer_append_space_unsafe(buf, data_size);