Mercurial > dovecot > original-hg > dovecot-1.2
changeset 5396:3b5269ad21d2 HEAD
Try to avoid crashes a bit harder with broken cache files.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 23 Mar 2007 22:47:38 +0200 |
parents | 124e2e48c1f8 |
children | 3a0964ac3a5c |
files | src/util/idxview.c |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
--- a/src/util/idxview.c Fri Mar 23 22:46:20 2007 +0200 +++ b/src/util/idxview.c Fri Mar 23 22:47:38 2007 +0200 @@ -180,6 +180,10 @@ i_fatal("cache file fields read() %"PRIuSIZE_T" != %u", ret, fields.size); } + printf("fields_count: %u\n", fields.fields_count); + + if (fields.fields_count > 10000) + i_fatal("Broken fields_count"); last_used = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_LAST_USED()); size = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_SIZE(fields.fields_count)); @@ -187,6 +191,9 @@ decision = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_DECISION(fields.fields_count)); names = CONST_PTR_OFFSET(buf, MAIL_CACHE_FIELD_NAMES(fields.fields_count)); + if (names - (const char *)buf >= fields.size) + i_fatal("Fields go outside allocated size"); + i_array_init(&cache_fields, 64); memset(&field, 0, sizeof(field)); for (i = 0; i < fields.fields_count; i++) {
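Review bot: The limit in `if (fields.fields_count > 10000)` is a bare magic number, and nothing in the hunk says why that value was chosen or what it protects. Since `fields_count` appears to be read from the cache file and feeds the `MAIL_CACHE_FIELD_*()` offset macros directly below, I would give the constant a name and add a comment such as `/* sanity cap on an untrusted on-disk count; keeps the offset calculations below small, the real bound is fields.size */`. The `printf()` above it prints the value before it has been validated; that is acceptable in a debugging tool, but the comment should say so. The enclosing function starts and ends outside the hunk.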
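Review bot: The new check `names - (const char *)buf >= fields.size` only proves that the name area starts inside the buffer, and it runs after the pointers have already been formed from the untrusted count. Comparing the offset itself before the `CONST_PTR_OFFSET()` calls would avoid building out-of-range pointers and the signed/unsigned pointer-difference comparison: `if (MAIL_CACHE_FIELD_NAMES(fields.fields_count) >= fields.size)`. The loop that follows continues outside the hunk; if it walks NUL-terminated names, each one also needs to be bounded by `buf + fields.size` (for example with `memchr()` over the remaining bytes), otherwise a file whose last name lacks a terminator could still be read past the end of the buffer.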