It's much harder to wrap a 64-bit tdb2 than a 32-bit tdb1, but we should still
take care against bugs.
Also, we should *not* cast the length to a size_t when comparing it to
the stat result, in case size_t is 32 bit.
- ecode = tdb->tdb2.io->oob(tdb, off
- + frec_len(frec)
+ ecode = tdb->tdb2.io->oob(tdb, off,
+ frec_len(frec)
+ sizeof(struct tdb_used_record),
false);
if (ecode != TDB_SUCCESS) {
+ sizeof(struct tdb_used_record),
false);
if (ecode != TDB_SUCCESS) {
/* Someone else may have expanded the file, so retry. */
old_size = tdb->file->map_size;
/* Someone else may have expanded the file, so retry. */
old_size = tdb->file->map_size;
- tdb->tdb2.io->oob(tdb, tdb->file->map_size + 1, true);
+ tdb->tdb2.io->oob(tdb, tdb->file->map_size, 1, true);
if (tdb->file->map_size != old_size) {
tdb_unlock_expand(tdb, F_WRLCK);
return TDB_SUCCESS;
if (tdb->file->map_size != old_size) {
tdb_unlock_expand(tdb, F_WRLCK);
return TDB_SUCCESS;
If probe is true, len being too large isn't a failure.
*/
If probe is true, len being too large isn't a failure.
*/
-static enum TDB_ERROR tdb_oob(struct tdb_context *tdb, tdb_off_t len,
- bool probe)
+static enum TDB_ERROR tdb_oob(struct tdb_context *tdb,
+ tdb_off_t off, tdb_len_t len, bool probe)
{
struct stat st;
enum TDB_ERROR ecode;
{
struct stat st;
enum TDB_ERROR ecode;
|| (tdb->flags & TDB_NOLOCK)
|| tdb_has_expansion_lock(tdb));
|| (tdb->flags & TDB_NOLOCK)
|| tdb_has_expansion_lock(tdb));
- if (len <= tdb->file->map_size)
+ if (len + off < len) {
+ if (probe)
+ return TDB_SUCCESS;
+
+ return tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
+ "tdb_oob off %llu len %llu wrap\n",
+ (long long)off, (long long)len);
+ }
+
+ if (len + off <= tdb->file->map_size)
return TDB_SUCCESS;
if (tdb->flags & TDB_INTERNAL) {
if (probe)
return TDB_SUCCESS;
if (tdb->flags & TDB_INTERNAL) {
if (probe)
tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
"tdb_oob len %lld beyond internal"
" malloc size %lld",
tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
"tdb_oob len %lld beyond internal"
" malloc size %lld",
+ (long long)(off + len),
(long long)tdb->file->map_size);
return TDB_ERR_IO;
}
(long long)tdb->file->map_size);
return TDB_ERR_IO;
}
tdb_unlock_expand(tdb, F_RDLCK);
tdb_unlock_expand(tdb, F_RDLCK);
- if (st.st_size < (size_t)len) {
+ if (st.st_size < off + len) {
if (probe)
return TDB_SUCCESS;
tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
if (probe)
return TDB_SUCCESS;
tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
- "tdb_oob len %zu beyond eof at %zu",
- (size_t)len, st.st_size);
+ "tdb_oob len %llu beyond eof at %zu",
+ (long long)(off + len), st.st_size);
"Write to read-only database");
}
"Write to read-only database");
}
- ecode = tdb->tdb2.io->oob(tdb, off + len, false);
+ ecode = tdb->tdb2.io->oob(tdb, off, len, false);
if (ecode != TDB_SUCCESS) {
return ecode;
}
if (ecode != TDB_SUCCESS) {
return ecode;
}
- ecode = tdb->tdb2.io->oob(tdb, off + len, false);
+ ecode = tdb->tdb2.io->oob(tdb, off, len, false);
if (ecode != TDB_SUCCESS) {
return ecode;
}
if (ecode != TDB_SUCCESS) {
return ecode;
}
if (unlikely(!tdb->file->map_ptr))
return NULL;
if (unlikely(!tdb->file->map_ptr))
return NULL;
- ecode = tdb_oob(tdb, off + len, false);
+ ecode = tdb_oob(tdb, off, len, false);
if (unlikely(ecode != TDB_SUCCESS))
return TDB_ERR_PTR(ecode);
return (char *)tdb->file->map_ptr + off;
if (unlikely(ecode != TDB_SUCCESS))
return TDB_ERR_PTR(ecode);
return (char *)tdb->file->map_ptr + off;
if (tdb->flags & TDB_VERSION1) {
ecode = tdb1_probe_length(tdb);
} else {
if (tdb->flags & TDB_VERSION1) {
ecode = tdb1_probe_length(tdb);
} else {
- ecode = tdb->tdb2.io->oob(tdb, tdb->file->map_size + 1, true);
+ ecode = tdb->tdb2.io->oob(tdb, tdb->file->map_size, 1, true);
}
if (unlikely(ecode != TDB_SUCCESS))
goto fail;
}
if (unlikely(ecode != TDB_SUCCESS))
goto fail;
tdb_len_t);
enum TDB_ERROR (*twrite)(struct tdb_context *, tdb_off_t, const void *,
tdb_len_t);
tdb_len_t);
enum TDB_ERROR (*twrite)(struct tdb_context *, tdb_off_t, const void *,
tdb_len_t);
- enum TDB_ERROR (*oob)(struct tdb_context *, tdb_off_t, bool);
+ enum TDB_ERROR (*oob)(struct tdb_context *, tdb_off_t, tdb_len_t, bool);
enum TDB_ERROR (*expand_file)(struct tdb_context *, tdb_len_t);
void *(*direct)(struct tdb_context *, tdb_off_t, size_t, bool);
};
enum TDB_ERROR (*expand_file)(struct tdb_context *, tdb_len_t);
void *(*direct)(struct tdb_context *, tdb_off_t, size_t, bool);
};
/*
out of bounds check during a transaction
*/
/*
out of bounds check during a transaction
*/
-static enum TDB_ERROR transaction_oob(struct tdb_context *tdb, tdb_off_t len,
- bool probe)
+static enum TDB_ERROR transaction_oob(struct tdb_context *tdb,
+ tdb_off_t off, tdb_len_t len, bool probe)
- if (len <= tdb->file->map_size || probe) {
+ if ((off + len >= off && off + len <= tdb->file->map_size) || probe) {
return TDB_SUCCESS;
}
tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
"tdb_oob len %lld beyond transaction size %lld",
return TDB_SUCCESS;
}
tdb_logerr(tdb, TDB_ERR_IO, TDB_LOG_ERROR,
"tdb_oob len %lld beyond transaction size %lld",
+ (long long)(off + len),
(long long)tdb->file->map_size);
return TDB_ERR_IO;
}
(long long)tdb->file->map_size);
return TDB_ERR_IO;
}
/* make sure we know about any file expansions already done by
anyone else */
/* make sure we know about any file expansions already done by
anyone else */
- tdb->tdb2.io->oob(tdb, tdb->file->map_size + 1, true);
+ tdb->tdb2.io->oob(tdb, tdb->file->map_size, 1, true);
tdb->tdb2.transaction->old_map_size = tdb->file->map_size;
/* finally hook the io methods, replacing them with
tdb->tdb2.transaction->old_map_size = tdb->file->map_size;
/* finally hook the io methods, replacing them with