2006-06-07 [colin] 2.2.2cvs3

	* src/msgcache.c
		Fix catching cache read errors (guint instead of gint)
		Prevent malloc'ing more than 8MB (means cache corruption)

diff --git a/ChangeLog b/ChangeLog
index e256c4c4e711379e0e24e56b1e3b7bcaa2519b7d..bd9dd68c731120a8749ce9361aacd12290e7836c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-06-07 [colin]     2.2.2cvs3
+
+       * src/msgcache.c
+               Fix catching cache read errors (guint instead of gint)
+               Prevent malloc'ing more than 8MB (means cache corruption)
+
 2006-06-07 [paul]      2.2.2cvs2
 
        * src/exporthtml.c

diff --git a/PATCHSETS b/PATCHSETS
index a60bc4fd051a50cd384cd8785bf154253ed733db..3de98bc85e32cfa6a15b48a4f404b70932e6c068 100644 (file)
--- a/PATCHSETS
+++ b/PATCHSETS
@@ -1560,3 +1560,4 @@
 ( cvs diff -u -r 1.75.2.25 -r 1.75.2.26 src/matcher.c;  ) > 2.2.1cvs6.patchset
 ( cvs diff -u -r 1.654.2.1603 -r 1.654.2.1604 configure.ac;  ) > 2.2.2cvs1.patchset
 ( cvs diff -u -r 1.5.2.12 -r 1.5.2.13 src/exporthtml.c;  cvs diff -u -r 1.1.4.10 -r 1.1.4.11 src/exportldif.c;  cvs diff -u -r 1.79.2.33 -r 1.79.2.34 src/mh.c;  cvs diff -u -r 1.6.10.7 -r 1.6.10.8 src/mutt.c;  cvs diff -u -r 1.6.2.6 -r 1.6.2.7 src/pine.c;  cvs diff -u -r 1.36.2.64 -r 1.36.2.65 src/common/utils.c;  ) > 2.2.2cvs2.patchset
+( cvs diff -u -r 1.16.2.31 -r 1.16.2.32 src/msgcache.c;  ) > 2.2.2cvs3.patchset

diff --git a/configure.ac b/configure.ac
index 00592e80085e1a616c7fa6d63a009caabc215dba..0cd317de1b0efe1f0da2a7ce685a363db96b317e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -11,7 +11,7 @@ MINOR_VERSION=2
 MICRO_VERSION=2
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=2
+EXTRA_VERSION=3
 EXTRA_RELEASE=
 EXTRA_GTK2_VERSION=
 

diff --git a/src/msgcache.c b/src/msgcache.c
index ce4ad42b633dfcd9c6a16ee2e9a5a3cfc3cd6904..e9ab3f5495efec7a62403578c119e99fc4569e61 100644 (file)
--- a/src/msgcache.c
+++ b/src/msgcache.c
@@ -241,7 +241,7 @@ gint msgcache_get_memory_usage(MsgCache *cache)
        if ((tmp_len = msgcache_read_cache_data_str(fp, &data, conv)) < 0) { \
                procmsg_msginfo_free(msginfo); \
                error = TRUE; \
-               break; \
+               goto bail_err; \
        } \
        total_len += tmp_len; \
 }
@@ -256,7 +256,7 @@ gint msgcache_get_memory_usage(MsgCache *cache)
                          "offset %ld\n", ni, sizeof(idata), ftell(fp)); \
                procmsg_msginfo_free(msginfo); \
                error = TRUE; \
-               break; \
+               goto bail_err; \
        } else \
                n = swapping ? bswap_32(idata) : (idata);\
 }
@@ -367,6 +367,11 @@ static gint msgcache_read_cache_data_str(FILE *fp, gchar **str,
        if (len == 0)
                return 0;
 
+       if (len > (8<<20)) {
+               /* allocating 8MB is too much. Something's going on */
+               g_warning("read_data_str: Cache data (len) probably corrupted, asked for %d bytes.", len);
+               return -1;
+       }
        tmpstr = g_malloc(len + 1);
 
        if ((ni = fread(tmpstr, 1, len, fp)) != len) {
@@ -422,7 +427,7 @@ MsgCache *msgcache_read_cache(FolderItem *item, const gchar *cache_file)
        const gchar *dstcharset = NULL;
        gchar *ref = NULL;
        guint memusage = 0;
-       guint tmp_len = 0;
+       gint tmp_len = 0;
        
        g_return_val_if_fail(cache_file != NULL, NULL);
        g_return_val_if_fail(item != NULL, NULL);
@@ -526,6 +531,7 @@ MsgCache *msgcache_read_cache(FolderItem *item, const gchar *cache_file)
                if(msginfo->msgid)
                        g_hash_table_insert(cache->msgid_table, msginfo->msgid, msginfo);
        }
+bail_err:
        fclose(fp);
 
        if (conv != NULL) {