The branch main has been updated by wosch:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=33ee87fa0ae80cb48fa5bba2bc2b090fc622e413

commit 33ee87fa0ae80cb48fa5bba2bc2b090fc622e413
Author:     Wolfram Schneider <wo...@freebsd.org>
AuthorDate: 2022-01-30 18:04:52 +0000
Commit:     Wolfram Schneider <wo...@freebsd.org>
CommitDate: 2022-01-30 18:04:52 +0000

    improve error handling for corrupt database
---
 usr.bin/locate/locate/fastfind.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/usr.bin/locate/locate/fastfind.c b/usr.bin/locate/locate/fastfind.c
index 4cae9381024d..69a3c2ed8152 100644
--- a/usr.bin/locate/locate/fastfind.c
+++ b/usr.bin/locate/locate/fastfind.c
@@ -67,7 +67,7 @@ statistic (fp, path_fcodes)
                } else
                        count += c - OFFSET;
                
-               if (count < 0 || count > MAXPATHLEN) {
+               if (count < 0 || count >= MAXPATHLEN) {
                        /* stop on error and display the statstics anyway */
                        warnx("corrupted database: %s", path_fcodes);
                        error = 1;
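Review bot: The tightened bound `count >= MAXPATHLEN` is not explained at the site, so the next reader has to re-derive why MAXPATHLEN itself is now an error; a one-line comment would do, e.g. `/* count indexes a MAXPATHLEN-sized path buffer; MAXPATHLEN itself is out of range */`. The reason is presumably the same one that becomes visible in fastfind further down, where `p = path + count` uses the value as an index. statistic's body starts and ends outside the hunk.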
@@ -155,7 +155,7 @@ fastfind
        register int c, cc;
        int count, found, globflag;
        u_char *cutoff;
-       u_char bigram1[NBG], bigram2[NBG], path[MAXPATHLEN];
+       u_char bigram1[NBG], bigram2[NBG], path[MAXPATHLEN + 2];
 
 #ifdef FF_ICASE
        /* use a lookup table for case insensitive search */
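Review bot: The two bytes of slack in `path[MAXPATHLEN + 2]` are what the bound check added at the end of the bigram loop later in this commit relies on, because that check runs only after `*p++ = bigram1[c]; *p++ = bigram2[c];` have already been stored; nothing at this declaration says so, and a reader seeing only this hunk will take the `+ 2` for a typo. A comment on the declaration would tie the two together, e.g. `/* +2: the bigram store writes two bytes before the bound check below rejects p - path >= MAXPATHLEN */`. The enclosing function fastfind starts outside the hunk.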
@@ -206,7 +206,9 @@ fastfind
        foundchar = 0;
 
 #ifdef FF_MMAP
-       c = (u_char)*paddr++; len--;
+       c = (u_char)*paddr++;
+       len--;
+
        for (; len > 0; ) {
 #else
        c = getc(fp);
@@ -216,8 +218,12 @@ fastfind
                /* go forward or backward */
                if (c == SWITCH) { /* big step, an integer */
 #ifdef FF_MMAP
+                       if (len < sizeof(int))
+                               errx(1, "corrupted database: %s", database);
+
                        count += getwm(paddr) - OFFSET;
-                       len -= INTSIZE; paddr += INTSIZE;
+                       len -= INTSIZE;
+                       paddr += INTSIZE;
 #else
                        count +=  getwf(fp) - OFFSET;
 #endif /* FF_MMAP */
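Review bot: The new guard compares `len` against `sizeof(int)` while the consumption three lines below subtracts `INTSIZE`; if the two constants ever differ the check no longer matches what `getwm(paddr)` reads, so the guard should use the same name, `if (len < INTSIZE)`. If `len` is a signed type (its declaration is outside the hunk) the comparison with a `size_t` is performed unsigned, which is harmless here only because the loop condition `len > 0` has already excluded negative values — worth a comment so a later reordering does not silently break it. The non-mmap branch `getwf(fp)` gets no equivalent short-read check; unless getwf itself stops on EOF, a truncated database is still read past its end on that path.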
@@ -225,8 +231,9 @@ fastfind
                        count += c - OFFSET;
                }
 
-               if (count < 0 || count > MAXPATHLEN)
-                       errx(1, "corrupted database: %s", database);
+               if (count < 0 || count >= MAXPATHLEN)
+                       errx(1, "corrupted database: %s %d", database, count);
+
                /* overlay old path */
                p = path + count;
                foundchar = p - 1;
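Review bot: `count == 0` passes the new check, and `foundchar = p - 1` then forms a pointer one before the start of `path`, which is undefined pointer arithmetic in C even if foundchar is only ever compared and never dereferenced; this is pre-existing, but this hunk is now the line that defines the valid range of `count`, so it is the place to either exclude 0 or document why the pointer is tolerated. The overflow side is also unchecked: `count += getwm(paddr) - OFFSET` on an `int` can wrap before the range check if the database encodes a large value, although getwm's return type is outside the hunk and may already bound it. The enclosing loop continues past the hunk.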
@@ -285,6 +292,10 @@ fastfind
                                *p++ = bigram1[c];
                                *p++ = bigram2[c];
                        }
+
+                       if (p - path >= MAXPATHLEN) 
+                               errx(1, "corrupted database: %s", database);
+
                }
                
                if (found) {                     /* previous line matched */
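Review bot: The added `if (p - path >= MAXPATHLEN) ` line carries trailing whitespace, and the blank line before the closing brace of the loop is unusual for this file's style; the surrounding lines in the hunk are not padded that way. Dropping the trailing space and the blank line keeps the check visually attached to the stores it guards. The loop body continues outside the hunk.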
