From b64494535dc62f4073fc6302847593ed6e6ec38b Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Mon, 19 Dec 2011 15:47:50 +1030 Subject: tdb: be more careful on 4G files. I came across a tdb which had wrapped to 4G + 4K, and the contents had been destroyed by processes which thought it only 4k long. Fix this by checking on open, and making tdb_oob() check for wrap itself. Signed-off-by: Rusty Russell Autobuild-User: Rusty Russell Autobuild-Date: Mon Dec 19 07:52:01 CET 2011 on sn-devel-104 --- lib/tdb/common/check.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/tdb/common/check.c') diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c index 3387fbd098..313f55cbb0 100644 --- a/lib/tdb/common/check.c +++ b/lib/tdb/common/check.c @@ -92,7 +92,7 @@ static bool tdb_check_record(struct tdb_context *tdb, off, rec->next)); goto corrupt; } - if (tdb->methods->tdb_oob(tdb, rec->next+sizeof(*rec), 0)) + if (tdb->methods->tdb_oob(tdb, rec->next, sizeof(*rec), 0)) goto corrupt; /* Check rec_len: similar to rec->next, implies next record. */ @@ -110,7 +110,7 @@ static bool tdb_check_record(struct tdb_context *tdb, goto corrupt; } /* OOB allows "right at the end" access, so this works for last rec. */ - if (tdb->methods->tdb_oob(tdb, off+sizeof(*rec)+rec->rec_len, 0)) + if (tdb->methods->tdb_oob(tdb, off, sizeof(*rec)+rec->rec_len, 0)) goto corrupt; /* Check tailer. */ @@ -345,7 +345,7 @@ _PUBLIC_ int tdb_check(struct tdb_context *tdb, } /* Make sure we know true size of the underlying file. */ - tdb->methods->tdb_oob(tdb, tdb->map_size + 1, 1); + tdb->methods->tdb_oob(tdb, tdb->map_size, 1, 1); /* Header must be OK: also gets us the recovery ptr, if any. */ if (!tdb_check_header(tdb, &recovery_start)) -- cgit