2009-05-04 [colin] 3.7.1cvs49
authorColin Leroy <colin@colino.net>
Mon, 4 May 2009 16:46:52 +0000 (16:46 +0000)
committerColin Leroy <colin@colino.net>
Mon, 4 May 2009 16:46:52 +0000 (16:46 +0000)
* src/msgcache.c
Probably fix bug 1914, 'Crash reading
corrupted tags file'

ChangeLog
PATCHSETS
configure.ac
src/msgcache.c

index f0042801426abf475ab6950133b31a54778ebac2..6bb449f45e053c56e19dfe40fc8efbf169c96f46 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-05-04 [colin]     3.7.1cvs49
+
+       * src/msgcache.c
+               Probably fix bug 1914, 'Crash reading
+               corrupted tags file'
+
 2009-04-26 [paul]      3.7.1cvs48
 
        * configure.ac
index 1173f095cb94f91e85f976ed547cd27d95dffdaf..1d70e77d042552c0ae8792bd6758d2d16c107369 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
 ( cvs diff -u -r 1.1.2.24 -r 1.1.2.25 src/printing.c;  cvs diff -u -r 1.43.2.108 -r 1.43.2.109 src/toolbar.c;  ) > 3.7.1cvs46.patchset
 ( cvs diff -u -r 1.1.2.25 -r 1.1.2.26 src/printing.c;  ) > 3.7.1cvs47.patchset
 ( cvs diff -u -r 1.654.2.3855 -r 1.654.2.3856 configure.ac;  cvs diff -u -r 1.5.2.17 -r 1.5.2.18 src/gtk/gtkaspell.h;  ) > 3.7.1cvs48.patchset
+( cvs diff -u -r 1.16.2.67 -r 1.16.2.68 src/msgcache.c;  ) > 3.7.1cvs49.patchset
index 0eb58261fed2610a6bcff3d42ec248da0e57cd2c..355cdb3dc80529cff9f46f6aa03564b6fb7bb02b 100644 (file)
@@ -12,7 +12,7 @@ MINOR_VERSION=7
 MICRO_VERSION=1
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=48
+EXTRA_VERSION=49
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 
index b34a47cf7245456eee6f2adf4be308b630e01ee7..d73df46a2eae8e2c9bec11d9a18b54878875da2b 100644 (file)
@@ -319,15 +319,25 @@ gint msgcache_get_memory_usage(MsgCache *cache)
                n = swapping ? bswap_32(idata) : (idata);\
 }
 
-#define GET_CACHE_DATA_INT(n) \
-{ \
-       n = (swapping ? (MMAP_TO_GUINT32_SWAPPED(walk_data)):(MMAP_TO_GUINT32(walk_data))); \
-       walk_data += 4; rem_len -= 4;                   \
+#define GET_CACHE_DATA_INT(n)                                                                  \
+{                                                                                              \
+       if (rem_len < 4) {                                                                      \
+               g_print("error at rem_len:%d\n", rem_len);                                      \
+               error = TRUE;                                                                   \
+               goto bail_err;                                                                  \
+       }                                                                                       \
+       n = (swapping ? (MMAP_TO_GUINT32_SWAPPED(walk_data)):(MMAP_TO_GUINT32(walk_data)));     \
+       walk_data += 4; rem_len -= 4;                                                           \
 }
 
 #define GET_CACHE_DATA(data, total_len) \
 { \
        GET_CACHE_DATA_INT(tmp_len);    \
+       if (rem_len < tmp_len) {                                                                \
+               g_print("error at rem_len:%d (tmp_len %d)\n", rem_len, tmp_len);                \
+               error = TRUE;                                                                   \
+               goto bail_err;                                                                  \
+       }                                                                                       \
        if ((tmp_len = msgcache_get_cache_data_str(walk_data, &data, tmp_len, conv)) < 0) { \
                g_print("error at rem_len:%d\n", rem_len);\
                procmsg_msginfo_free(msginfo); \
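Review bot: The new `rem_len < tmp_len` guard in GET_CACHE_DATA does not reject a negative length. Both values are printed with `%d` and `tmp_len` is tested with `< 0` on the following line, so it appears to be a signed int (its declaration is outside the hunk); a length field in a corrupted file with the top bit set would then compare as smaller than `rem_len` and still reach msgcache_get_cache_data_str. I would write the guard as `if (tmp_len < 0 || rem_len < tmp_len) {`. The new branch also jumps to bail_err without the `procmsg_msginfo_free(msginfo)` that the existing error branch performs, so confirm that bail_err releases msginfo in every function that expands this macro. The macro body continues past the end of the hunk.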
@@ -793,7 +803,8 @@ void msgcache_read_mark(MsgCache *cache, const gchar *mark_file)
        gint map_len = -1;
        char *cache_data = NULL;
        struct stat st;
-       
+       gboolean error;
+
        swapping = TRUE;
 
        /* In case we can't open the mark file with MARK_VERSION, check if we can open it with the
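Review bot: `gboolean error;` is added to msgcache_read_mark without an initializer, while the matching declaration added to msgcache_read_tags is `gboolean error = FALSE;`. The macros shown in this commit only ever assign TRUE to it, so any later read on the success path would see an indeterminate value; no such read is visible in this hunk, but the function body continues outside it. I would initialize it the same way: `gboolean error = FALSE;`.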
@@ -866,6 +877,7 @@ void msgcache_read_mark(MsgCache *cache, const gchar *mark_file)
                        }
                }       
        }
+bail_err:
        fclose(fp);
 }
 
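Review bot: The `bail_err:` label added before `fclose(fp)` in msgcache_read_mark, and the identical one added in msgcache_read_tags, becomes the exit for every truncated-read error raised by GET_CACHE_DATA_INT, yet only the `fclose` is visible after it. The declarations of `map_len` and `cache_data` suggest the file can be memory-mapped; the code that releases that mapping is outside the hunk, and if it sits inside the block the `goto` leaves, the error path skips it. I would either move that release below the label or state the contract at the label, e.g. `/* bail_err: also reached on corrupt input; everything acquired above must be released after this label */`.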
@@ -877,7 +889,8 @@ void msgcache_read_tags(MsgCache *cache, const gchar *tags_file)
        gint map_len = -1;
        char *cache_data = NULL;
        struct stat st;
-       
+       gboolean error = FALSE;
+
        swapping = TRUE;
 
        /* In case we can't open the mark file with MARK_VERSION, check if we can open it with the
@@ -971,6 +984,7 @@ void msgcache_read_tags(MsgCache *cache, const gchar *tags_file)
                        }
                }
        }
+bail_err:
        fclose(fp);
 }