off, rec->next);
goto corrupt;
}
- if (tdb->tdb1.io->tdb1_oob(tdb, rec->next+sizeof(*rec), 0))
+ if (tdb->tdb1.io->tdb1_oob(tdb, rec->next, sizeof(*rec), 0))
goto corrupt;
/* Check rec_len: similar to rec->next, implies next record. */
goto corrupt;
}
/* OOB allows "right at the end" access, so this works for last rec. */
- if (tdb->tdb1.io->tdb1_oob(tdb, off+sizeof(*rec)+rec->rec_len, 0))
+ if (tdb->tdb1.io->tdb1_oob(tdb, off, sizeof(*rec)+rec->rec_len, 0))
goto corrupt;
/* Check tailer. */
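Review bot: The length argument on the added line, `sizeof(*rec)+rec->rec_len`, is still summed by the caller from a record field read out of the file, so moving the addition of `off` into tdb1_oob only helps if this sum cannot itself wrap or be truncated. The prototype of tdb1_oob is not visible here; if its length parameter is a 32-bit tdb1_len_t, a rec_len close to the type's maximum would arrive as a small length and pass the bounds check. Consider rejecting that case before the call, e.g. `if (rec->rec_len > (tdb1_len_t)-1 - sizeof(*rec)) goto corrupt;`, with a log message in the style of the neighbouring checks. The enclosing function starts and ends outside this hunk.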
bool found_recovery = false;
tdb1_len_t dead;
bool locked;
+ size_t alloc_len;
/* We may have a write lock already, so don't re-lock. */
if (tdb->file->allrecord_lock.count != 0) {
}
/* Make sure we know true size of the underlying file. */
- tdb->tdb1.io->tdb1_oob(tdb, tdb->file->map_size + 1, 1);
+ tdb->tdb1.io->tdb1_oob(tdb, tdb->file->map_size, 1, 1);
/* Header must be OK: also gets us the recovery ptr, if any. */
if (!tdb1_check_header(tdb, &recovery_start))
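Review bot: The result of the probing call `tdb1_oob(tdb, tdb->file->map_size, 1, 1)` is discarded, which reads like a forgotten check next to the other tdb1_oob calls in this patch that branch on it. If the call is made only for its side effect of learning the file's real size, as the comment above it suggests, state that on the line itself: `/* Result ignored on purpose: the probe is only used to refresh the known file size. */` and cast the call to `(void)`. Whether a failed probe leaves a stale size that the later record checks then trust cannot be seen from this hunk and is worth confirming.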
}
/* One big malloc: pointers then bit arrays. */
- hashes = (unsigned char **)calloc(
- 1, sizeof(hashes[0]) * (1+tdb->tdb1.header.hash_size)
- + BITMAP_BITS / CHAR_BIT * (1+tdb->tdb1.header.hash_size));
+ alloc_len = sizeof(hashes[0]) * (1+tdb->tdb1.header.hash_size)
+ + BITMAP_BITS / CHAR_BIT * (1+tdb->tdb1.header.hash_size);
+ hashes = (unsigned char **)calloc(1, alloc_len);
if (!hashes) {
- tdb->last_error = TDB_ERR_OOM;
+ tdb->last_error = tdb_logerr(tdb, TDB_ERR_OOM, TDB_LOG_ERROR,
+ "tdb_check: could not allocate %zu",
+ alloc_len);
goto unlock;
}
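Review bot: `alloc_len` is computed from `tdb->tdb1.header.hash_size` with no overflow guard, and passing the finished product as `calloc(1, alloc_len)` bypasses calloc's own count-times-size overflow check. The declaration of hash_size is not in this hunk, but if it is a 32-bit unsigned field taken from the file header, `1+hash_size` wraps to 0 at the maximum value and `BITMAP_BITS / CHAR_BIT * (1+hash_size)` is evaluated in 32 bits before being widened to size_t, so the buffer can come out smaller than the code after this hunk presumably expects. Unless tdb1_check_header already bounds hash_size, widen first with `size_t n = (size_t)tdb->tdb1.header.hash_size + 1;`, fail through the existing tdb_logerr path when `n > SIZE_MAX / (sizeof(hashes[0]) + BITMAP_BITS / CHAR_BIT)`, and then set `alloc_len = n * (sizeof(hashes[0]) + BITMAP_BITS / CHAR_BIT);`. The enclosing function starts and ends outside this hunk.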