From: Colin Leroy Date: Mon, 4 May 2009 16:46:52 +0000 (+0000) Subject: 2009-05-04 [colin] 3.7.1cvs49 X-Git-Tag: rel_3_7_2~38 X-Git-Url: http://git.claws-mail.org/?p=claws.git;a=commitdiff_plain;h=0b0db176e378c01771b25ab571a7c3f3bf19ecde;hp=857abfa7c035d930dfda746fdbb3e546e0eba202 2009-05-04 [colin] 3.7.1cvs49 * src/msgcache.c Probably fix bug 1914, 'Crash reading corrupted tags file' --- diff --git a/ChangeLog b/ChangeLog index f00428014..6bb449f45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2009-05-04 [colin] 3.7.1cvs49 + + * src/msgcache.c + Probably fix bug 1914, 'Crash reading + corrupted tags file' + 2009-04-26 [paul] 3.7.1cvs48 * configure.ac diff --git a/PATCHSETS b/PATCHSETS index 1173f095c..1d70e77d0 100644 --- a/PATCHSETS +++ b/PATCHSETS @@ -3788,3 +3788,4 @@ ( cvs diff -u -r 1.1.2.24 -r 1.1.2.25 src/printing.c; cvs diff -u -r 1.43.2.108 -r 1.43.2.109 src/toolbar.c; ) > 3.7.1cvs46.patchset ( cvs diff -u -r 1.1.2.25 -r 1.1.2.26 src/printing.c; ) > 3.7.1cvs47.patchset ( cvs diff -u -r 1.654.2.3855 -r 1.654.2.3856 configure.ac; cvs diff -u -r 1.5.2.17 -r 1.5.2.18 src/gtk/gtkaspell.h; ) > 3.7.1cvs48.patchset +( cvs diff -u -r 1.16.2.67 -r 1.16.2.68 src/msgcache.c; ) > 3.7.1cvs49.patchset diff --git a/configure.ac b/configure.ac index 0eb58261f..355cdb3dc 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ MINOR_VERSION=7 MICRO_VERSION=1 INTERFACE_AGE=0 BINARY_AGE=0 -EXTRA_VERSION=48 +EXTRA_VERSION=49 EXTRA_RELEASE= EXTRA_GTK2_VERSION= diff --git a/src/msgcache.c b/src/msgcache.c index b34a47cf7..d73df46a2 100644 --- a/src/msgcache.c +++ b/src/msgcache.c @@ -319,15 +319,25 @@ gint msgcache_get_memory_usage(MsgCache *cache) n = swapping ? bswap_32(idata) : (idata);\ } -#define GET_CACHE_DATA_INT(n) \ -{ \ - n = (swapping ? (MMAP_TO_GUINT32_SWAPPED(walk_data)):(MMAP_TO_GUINT32(walk_data))); \ - walk_data += 4; rem_len -= 4; \ +#define GET_CACHE_DATA_INT(n) \ +{ \ + if (rem_len < 4) { \ + g_print("error at rem_len:%d\n", rem_len); \ + error = TRUE; \ + goto bail_err; \ + } \ + n = (swapping ? (MMAP_TO_GUINT32_SWAPPED(walk_data)):(MMAP_TO_GUINT32(walk_data))); \ + walk_data += 4; rem_len -= 4; \ } #define GET_CACHE_DATA(data, total_len) \ { \ GET_CACHE_DATA_INT(tmp_len); \ + if (rem_len < tmp_len) { \ + g_print("error at rem_len:%d (tmp_len %d)\n", rem_len, tmp_len); \ + error = TRUE; \ + goto bail_err; \ + } \ if ((tmp_len = msgcache_get_cache_data_str(walk_data, &data, tmp_len, conv)) < 0) { \ g_print("error at rem_len:%d\n", rem_len);\ procmsg_msginfo_free(msginfo); \ @@ -793,7 +803,8 @@ void msgcache_read_mark(MsgCache *cache, const gchar *mark_file) gint map_len = -1; char *cache_data = NULL; struct stat st; - + gboolean error; + swapping = TRUE; /* In case we can't open the mark file with MARK_VERSION, check if we can open it with the @@ -866,6 +877,7 @@ void msgcache_read_mark(MsgCache *cache, const gchar *mark_file) } } } +bail_err: fclose(fp); } @@ -877,7 +889,8 @@ void msgcache_read_tags(MsgCache *cache, const gchar *tags_file) gint map_len = -1; char *cache_data = NULL; struct stat st; - + gboolean error = FALSE; + swapping = TRUE; /* In case we can't open the mark file with MARK_VERSION, check if we can open it with the @@ -971,6 +984,7 @@ void msgcache_read_tags(MsgCache *cache, const gchar *tags_file) } } } +bail_err: fclose(fp); }