summaryrefslogtreecommitdiffabout
path: root/src
authorSergey Poznyakoff <gray@gnu.org>2018-05-24 05:09:48 (GMT)
committer Sergey Poznyakoff <gray@gnu.org>2018-05-24 05:09:48 (GMT)
commit0665bcf0c9cdf756f9d5edc6a638c56602c42065 (patch) (side-by-side diff)
tree590d81a45721edca6b3530e7681d8f0db32af94b /src
parentce702a1ca5ed9240cd0a70583c4234c34ce81b73 (diff)
downloadgdbm-0665bcf0c9cdf756f9d5edc6a638c56602c42065.tar.gz
gdbm-0665bcf0c9cdf756f9d5edc6a638c56602c42065.tar.bz2
error checking: check for avail_block consistency before using it
* src/gdbmdefs.h (gdbm_avail_block_valid_p): New function. * src/gdbm.h.in (GDBM_BAD_AVAIL): New error code. * src/gdbmerrno.c: Support new error code. * src/falloc.c (pop_avail_block): Validate the avail_block * src/gdbmopen.c (validate_header): Validate the avail_block. * src/gdbmtool.c (_gdbm_avail_list_size) (_gdbm_print_avail_list): Validate the avail_block.
Diffstat (limited to 'src') (more/less context) (ignore whitespace changes)
-rw-r--r--src/falloc.c13
-rw-r--r--src/gdbm.h.in3
-rw-r--r--src/gdbmdefs.h7
-rw-r--r--src/gdbmerrno.c3
-rw-r--r--src/gdbmopen.c4
-rw-r--r--src/gdbmtool.c37
6 files changed, 48 insertions, 19 deletions
diff --git a/src/falloc.c b/src/falloc.c
index 3f437a6..33a238a 100644
--- a/src/falloc.c
+++ b/src/falloc.c
@@ -154,3 +154,3 @@ _gdbm_free (GDBM_FILE dbf, off_t file_adr, int num_bytes)
/* Gets the avail block at the top of the stack and loads it into the
- active avail block. It does a "free" for itself! This can (and is)
+ active avail block. It does a "free" for itself! This can be (and is)
now called even when the avail block is not empty, so we must be
@@ -208,2 +208,9 @@ pop_avail_block (GDBM_FILE dbf)
+ if (!gdbm_avail_block_valid_p (new_blk))
+ {
+ gdbm_set_errno (dbf, GDBM_BAD_AVAIL, TRUE);
+ _gdbm_fatal (dbf, gdbm_db_strerror (dbf));
+ return -1;
+ }
+
/* Add the elements from the new block to the header. */
@@ -212,4 +219,4 @@ pop_avail_block (GDBM_FILE dbf)
{
- while(index < new_blk->count
- && dbf->header->avail.count < dbf->header->avail.size)
+ while (index < new_blk->count
+ && dbf->header->avail.count < dbf->header->avail.size)
{
diff --git a/src/gdbm.h.in b/src/gdbm.h.in
index 3d19de7..61d5707 100644
--- a/src/gdbm.h.in
+++ b/src/gdbm.h.in
@@ -223,5 +223,6 @@ extern int gdbm_copy_meta (GDBM_FILE dst, GDBM_FILE src);
# define GDBM_BAD_HEADER 33
+# define GDBM_BAD_AVAIL 34
# define _GDBM_MIN_ERRNO 0
-# define _GDBM_MAX_ERRNO GDBM_BAD_HEADER
+# define _GDBM_MAX_ERRNO GDBM_BAD_AVAIL
diff --git a/src/gdbmdefs.h b/src/gdbmdefs.h
index bd104e2..5305b0d 100644
--- a/src/gdbmdefs.h
+++ b/src/gdbmdefs.h
@@ -53,2 +53,9 @@ typedef struct
+/* Return true if avail_block is valid */
+static int inline
+gdbm_avail_block_valid_p (avail_block const *av)
+{
+ return (av->size >= 0 && av->count >= 0 && av->count <= av->size);
+}
+
/* The dbm file header keeps track of the current location of the hash
diff --git a/src/gdbmerrno.c b/src/gdbmerrno.c
index 7124b3a..896bf70 100644
--- a/src/gdbmerrno.c
+++ b/src/gdbmerrno.c
@@ -135,3 +135,4 @@ const char * const gdbm_errlist[_GDBM_MAX_ERRNO+1] = {
[GDBM_BAD_BUCKET] = N_("Malformed bucket header"),
- [GDBM_BAD_HEADER] = N_("Malformed database file header")
+ [GDBM_BAD_HEADER] = N_("Malformed database file header"),
+ [GDBM_BAD_AVAIL] = N_("Malforemd avail_block")
};
diff --git a/src/gdbmopen.c b/src/gdbmopen.c
index 5d59f65..b84ad63 100644
--- a/src/gdbmopen.c
+++ b/src/gdbmopen.c
@@ -110,2 +110,6 @@ validate_header (gdbm_file_header const *hdr, struct stat const *st)
return GDBM_BAD_HEADER;
+
+ /* Validate the avail block */
+ if (!gdbm_avail_block_valid_p (&hdr->avail))
+ return GDBM_BAD_HEADER;
diff --git a/src/gdbmtool.c b/src/gdbmtool.c
index c522ad0..18d0e10 100644
--- a/src/gdbmtool.c
+++ b/src/gdbmtool.c
@@ -227,5 +227,8 @@ _gdbm_avail_list_size (GDBM_FILE dbf, size_t min_size)
- lines += av_stk->count;
- if (lines > min_size)
- break;
+ if (gdbm_avail_block_valid_p (av_stk))
+ {
+ lines += av_stk->count;
+ if (lines > min_size)
+ break;
+ }
temp = av_stk->next_block;
@@ -237,2 +240,14 @@ _gdbm_avail_list_size (GDBM_FILE dbf, size_t min_size)
+static void
+av_table_display (avail_elem *av_table, int count, FILE *fp)
+{
+ int i;
+
+ for (i = 0; i < count; i++)
+ {
+ fprintf (fp, " %15d %10lu \n",
+ av_table[i].av_size, (unsigned long) av_table[i].av_adr);
+ }
+}
+
void
@@ -248,8 +263,3 @@ _gdbm_print_avail_list (FILE *fp, GDBM_FILE dbf)
dbf->header->avail.size, dbf->header->avail.count);
- for (temp = 0; temp < dbf->header->avail.count; temp++)
- {
- fprintf (fp, " %15d %10lu \n",
- dbf->header->avail.av_table[temp].av_size,
- (unsigned long) dbf->header->avail.av_table[temp].av_adr);
- }
+ av_table_display (dbf->header->avail.av_table, dbf->header->avail.count, fp);
@@ -282,7 +292,6 @@ _gdbm_print_avail_list (FILE *fp, GDBM_FILE dbf)
av_stk->size, av_stk->count);
- for (temp = 0; temp < av_stk->count; temp++)
- {
- fprintf (fp, " %15d %10lu \n", av_stk->av_table[temp].av_size,
- (unsigned long) av_stk->av_table[temp].av_adr);
- }
+ if (gdbm_avail_block_valid_p (av_stk))
+ av_table_display (av_stk->av_table, av_stk->count, fp);
+ else
+ terror (_("invalid avail_block"));
temp = av_stk->next_block;

Return to:

Send suggestions and report system problems to the System administrator.