X-Git-Url: https://git.ozlabs.org/?p=ccan;a=blobdiff_plain;f=ccan%2Ftdb2%2Fcheck.c;h=1ce56c2c474c892653deff8e79c0f6ca9088daa1;hp=c5450cccb0cd17d9e8ba248db18fb272b152023c;hb=96b169e986cda1de9ffbbdc98042e1099515ca34;hpb=dbbde01940aca8b46e69ad26f760e9b6e736f592
diff --git a/ccan/tdb2/check.c b/ccan/tdb2/check.c
index c5450ccc..1ce56c2c 100644
--- a/ccan/tdb2/check.c
+++ b/ccan/tdb2/check.c
@@ -315,37 +315,37 @@ static bool check_hash(struct tdb_context *tdb, static bool check_free(struct tdb_context *tdb, tdb_off_t off, const struct tdb_free_record *frec, - tdb_off_t prev, tdb_off_t flist_off, unsigned int bucket) + tdb_off_t prev, unsigned int flist, unsigned int bucket) { if (frec_magic(frec) != TDB_FREE_MAGIC) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: offset %llu bad magic 0x%llx\n", - (long long)off, (long long)frec->magic_and_meta); + (long long)off, (long long)frec->magic_and_prev); return false; } - if (frec_flist(frec) != flist_off) { + if (frec_flist(frec) != flist) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, - "tdb_check: offset %llu bad freelist 0x%llx\n", - (long long)off, (long long)frec_flist(frec)); + "tdb_check: offset %llu bad freelist %u\n", + (long long)off, frec_flist(frec)); return false; } if (tdb->methods->oob(tdb, off - + frec->data_len+sizeof(struct tdb_used_record), + + frec_len(frec) + sizeof(struct tdb_used_record), false)) return false; - if (size_to_bucket(frec->data_len) != bucket) { + if (size_to_bucket(frec_len(frec)) != bucket) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: offset %llu in wrong bucket %u vs %u\n", (long long)off, - bucket, size_to_bucket(frec->data_len)); + bucket, size_to_bucket(frec_len(frec))); return false; } - if (prev != frec->prev) { + if (prev != frec_prev(frec)) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: offset %llu bad prev %llu vs %llu\n", (long long)off, - (long long)prev, (long long)frec->prev); + (long long)prev, (long long)frec_len(frec)); return false; } return true; @@ -353,6 +353,7 @@ static bool check_free(struct tdb_context *tdb, static bool check_free_list(struct tdb_context *tdb, tdb_off_t flist_off, + unsigned flist_num, tdb_off_t free[], size_t num_free, size_t *num_found) 
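Review bot: The "bad prev" message at the end of check_free prints `frec_len(frec)` as its second value, although the test just above it compares `prev` with `frec_prev(frec)`. A corrupted back-pointer would be logged with the record length in place of the offending value, which misleads anyone diagnosing a damaged database from the log. The argument line should read `(long long)prev, (long long)frec_prev(frec));`.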
@@ -384,7 +385,7 @@ static bool check_free_list(struct tdb_context *tdb, return false; if (tdb_read_convert(tdb, off, &f, sizeof(f))) return false; - if (!check_free(tdb, off, &f, prev, flist_off, i)) + if (!check_free(tdb, off, &f, prev, flist_num, i)) return false; /* FIXME: Check hash bits */ @@ -435,20 +436,23 @@ static bool check_linear(struct tdb_context *tdb, struct tdb_used_record u; struct tdb_free_record f; struct tdb_recovery_record r; - } pad, *p; - p = tdb_get(tdb, off, &pad, sizeof(pad)); - if (!p) + } rec; + /* r is larger: only get that if we need to. */ + if (tdb_read_convert(tdb, off, &rec, sizeof(rec.f)) == -1) return false; /* If we crash after ftruncate, we can get zeroes or fill. */ - if (p->r.magic == TDB_RECOVERY_INVALID_MAGIC - || p->r.magic == 0x4343434343434343ULL) { + if (rec.r.magic == TDB_RECOVERY_INVALID_MAGIC + || rec.r.magic == 0x4343434343434343ULL) { + if (tdb_read_convert(tdb, off, &rec, sizeof(rec.r))) + return false; + if (recovery == off) { found_recovery = true; - len = sizeof(p->r) + p->r.max_len; + len = sizeof(rec.r) + rec.r.max_len; } else { len = dead_space(tdb, off); - if (len < sizeof(p->r)) { + if (len < sizeof(rec.r)) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: invalid dead space" @@ -461,7 +465,9 @@ static bool check_linear(struct tdb_context *tdb, (size_t)off, (size_t)(off + len), (size_t)tdb->map_size); } - } else if (p->r.magic == TDB_RECOVERY_MAGIC) { + } else if (rec.r.magic == TDB_RECOVERY_MAGIC) { + if (tdb_read_convert(tdb, off, &rec, sizeof(rec.r))) + return false; if (recovery != off) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: unexpected recovery" 
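Review bot: `rec.r.max_len` comes straight from the file and feeds `len = sizeof(rec.r) + rec.r.max_len;` in the `recovery == off` branch of the @@ -435 hunk without being compared against `tdb->map_size`. The same assignment recurs in the TDB_RECOVERY_MAGIC branch of the @@ -469 hunk, where the commit validates `rec.r.len` and `rec.r.eof` but not `max_len` itself. Because tdb_check is meant to run on possibly corrupt databases, add a guard before each assignment, such as `if (rec.r.max_len > tdb->map_size - off - sizeof(rec.r)) return false;` with a log line in the style of its neighbours. The subtraction form avoids wrap-around, assuming the preceding `tdb_read_convert` of `sizeof(rec.r)` bytes has already established that the header fits. The loop that consumes `len` lies outside these hunks, so a later bound there may already cover this.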
@@ -469,11 +475,23 @@ static bool check_linear(struct tdb_context *tdb, (size_t)off); return false; } + if (rec.r.len > rec.r.max_len) { + tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, + "tdb_check: invalid recovery length" + " %zu\n", (size_t)rec.r.len); + return false; + } + if (rec.r.eof > tdb->map_size) { + tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, + "tdb_check: invalid old EOF" + " %zu\n", (size_t)rec.r.eof); + return false; + } found_recovery = true; - len = sizeof(p->r) + p->r.max_len; - } else if (frec_magic(&p->f) == TDB_FREE_MAGIC - || frec_magic(&p->f) == TDB_COALESCING_MAGIC) { - len = sizeof(p->u) + p->f.data_len; + len = sizeof(rec.r) + rec.r.max_len; + } else if (frec_magic(&rec.f) == TDB_FREE_MAGIC + || frec_magic(&rec.f) == TDB_COALESCING_MAGIC) { + len = sizeof(rec.u) + frec_len(&rec.f); if (off + len > tdb->map_size) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: free overlength %llu" @@ -482,18 +500,18 @@ static bool check_linear(struct tdb_context *tdb, return false; } /* This record is free! */ - if (frec_magic(&p->f) == TDB_FREE_MAGIC + if (frec_magic(&rec.f) == TDB_FREE_MAGIC && !append(free, num_free, off)) return false; } else { uint64_t klen, dlen, extra; /* This record is used! */ - if (rec_magic(&p->u) != TDB_MAGIC) { + if (rec_magic(&rec.u) != TDB_MAGIC) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: Bad magic 0x%llx" " at offset %llu\n", - (long long)rec_magic(&p->u), + (long long)rec_magic(&rec.u), (long long)off); return false; } 
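Review bot: The two new diagnostics in the @@ -469 hunk format `rec.r.len` and `rec.r.eof` through a `(size_t)` cast with `%zu`, while the free and used record messages in the same function use `(long long)` with `%llu`. If these fields are 64-bit, as the comparison with `tdb->map_size` suggests, a build with a 32-bit `size_t` would log a truncated value for exactly the out-of-range input the check is rejecting. Printing them as `" %llu\n", (long long)rec.r.len` and `" %llu\n", (long long)rec.r.eof` would keep the reported value faithful.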
@@ -501,11 +519,11 @@ static bool check_linear(struct tdb_context *tdb, if (!append(used, num_used, off)) return false; - klen = rec_key_length(&p->u); - dlen = rec_data_length(&p->u); - extra = rec_extra_padding(&p->u); + klen = rec_key_length(&rec.u); + dlen = rec_data_length(&rec.u); + extra = rec_extra_padding(&rec.u); - len = sizeof(p->u) + klen + dlen + extra; + len = sizeof(rec.u) + klen + dlen + extra; if (off + len > tdb->map_size) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: used overlength %llu" @@ -514,7 +532,7 @@ static bool check_linear(struct tdb_context *tdb, return false; } - if (len < sizeof(p->f)) { + if (len < sizeof(rec.f)) { tdb->log(tdb, TDB_DEBUG_ERROR, tdb->log_priv, "tdb_check: too short record %llu at" " %llu\n", @@ -560,7 +578,8 @@ int tdb_check(struct tdb_context *tdb, for (flist = first_flist(tdb); flist; flist = next_flist(tdb, flist)) { if (flist == TDB_OFF_ERR) goto fail; - if (!check_free_list(tdb, flist, free, num_free, &num_found)) + if (!check_free_list(tdb, flist, num_flists, free, num_free, + &num_found)) goto fail; num_flists++; }