+2006-06-07 [colin] 2.2.2cvs3
+
+ * src/msgcache.c
+ Fix catching cache read errors (guint instead of gint)
+ Prevent malloc'ing more than 8MB (means cache corruption)
+
2006-06-07 [paul] 2.2.2cvs2
* src/exporthtml.c
( cvs diff -u -r 1.75.2.25 -r 1.75.2.26 src/matcher.c; ) > 2.2.1cvs6.patchset
( cvs diff -u -r 1.654.2.1603 -r 1.654.2.1604 configure.ac; ) > 2.2.2cvs1.patchset
( cvs diff -u -r 1.5.2.12 -r 1.5.2.13 src/exporthtml.c; cvs diff -u -r 1.1.4.10 -r 1.1.4.11 src/exportldif.c; cvs diff -u -r 1.79.2.33 -r 1.79.2.34 src/mh.c; cvs diff -u -r 1.6.10.7 -r 1.6.10.8 src/mutt.c; cvs diff -u -r 1.6.2.6 -r 1.6.2.7 src/pine.c; cvs diff -u -r 1.36.2.64 -r 1.36.2.65 src/common/utils.c; ) > 2.2.2cvs2.patchset
+( cvs diff -u -r 1.16.2.31 -r 1.16.2.32 src/msgcache.c; ) > 2.2.2cvs3.patchset
if ((tmp_len = msgcache_read_cache_data_str(fp, &data, conv)) < 0) { \
procmsg_msginfo_free(msginfo); \
error = TRUE; \
- break; \
+ goto bail_err; \
} \
total_len += tmp_len; \
}
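Review bot: The `goto bail_err;` added inside this macro makes every function that expands it depend on a `bail_err` label being in scope, and nothing at the macro says so; the same applies to the integer-reading macro in the next hunk. A comment above each macro definition would make the hidden jump visible, for example `/* On read failure: frees msginfo, sets error = TRUE and jumps to bail_err in the expanding function. */`. The macro definitions start outside the hunk, so whether such a comment already exists cannot be seen from here.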
"offset %ld\n", ni, sizeof(idata), ftell(fp)); \
procmsg_msginfo_free(msginfo); \
error = TRUE; \
- break; \
+ goto bail_err; \
} else \
n = swapping ? bswap_32(idata) : (idata);\
}
if (len == 0)
return 0;
+ if (len > (8<<20)) {
+ /* allocating 8MB is too much. Something's going on */
+ g_warning("read_data_str: Cache data (len) probably corrupted, asked for %d bytes.", len);
+ return -1;
+ }
tmpstr = g_malloc(len + 1);
if ((ni = fread(tmpstr, 1, len, fp)) != len) {
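Review bot: The new guard `if (len > (8<<20))` bounds the length only from above, and the declaration of `len` is outside the hunk. If `len` is signed, a negative value read from a damaged cache file passes the check and still reaches `g_malloc(len + 1)` and `fread`, so the guard should then read `if (len < 0 || len > (8<<20)) {`. If `len` is unsigned, the `%d` in the `g_warning` is the wrong conversion and should be `%u`. Since the length comes straight from the file on disk, it is worth confirming which case applies before relying on this cap.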
const gchar *dstcharset = NULL;
gchar *ref = NULL;
guint memusage = 0;
- guint tmp_len = 0;
+ gint tmp_len = 0;
g_return_val_if_fail(cache_file != NULL, NULL);
g_return_val_if_fail(item != NULL, NULL);
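Review bot: The reason `tmp_len` has to be signed is not recorded at its declaration, so a later tidy-up could change it back to `guint` and silently disable the `< 0` error checks in the read macros again. A short comment would prevent that, for example `gint tmp_len = 0; /* signed: the read helpers return -1 on error */`. The macro adds this value to `total_len`, whose type is outside the hunk, so the mixed signed/unsigned arithmetic there should be confirmed as well.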
if(msginfo->msgid)
g_hash_table_insert(cache->msgid_table, msginfo->msgid, msginfo);
}
+bail_err:
fclose(fp);
if (conv != NULL) {