71 lines
2.5 KiB
Diff
71 lines
2.5 KiB
Diff
|
From fb099c8d2af6620db2709e826a258089d10cdfe8 Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||
|
Date: Thu, 27 Feb 2014 00:07:29 -0500
|
||
|
Subject: [PATCH] journal: assume that next entry is after previous entry
|
||
|
|
||
|
With a corrupted file, we can get in a situation where two entries
|
||
|
in the entry array point to the same object. Then journal_file_next_entry
|
||
|
will find the first one using generic_arrray_bisect, and try to move to
|
||
|
the second one, but since the address is the same, generic_array_get will
|
||
|
return the first one. journal_file_next_entry ends up in an infinite loop.
|
||
|
|
||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1047039
|
||
|
---
|
||
|
src/journal/journal-file.c | 26 ++++++++++++++++++++------
|
||
|
1 file changed, 20 insertions(+), 6 deletions(-)
|
||
|
|
||
|
diff --git src/journal/journal-file.c src/journal/journal-file.c
|
||
|
index 5876733..0e1fc7f 100644
|
||
|
--- src/journal/journal-file.c
|
||
|
+++ src/journal/journal-file.c
|
||
|
@@ -1359,7 +1359,7 @@ int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const st
|
||
|
}
|
||
|
|
||
|
typedef struct ChainCacheItem {
|
||
|
- uint64_t first; /* the array at the begin of the chain */
|
||
|
+ uint64_t first; /* the array at the beginning of the chain */
|
||
|
uint64_t array; /* the cached array */
|
||
|
uint64_t begin; /* the first item in the cached array */
|
||
|
uint64_t total; /* the total number of items in all arrays before this one in the chain */
|
||
|
@@ -1945,7 +1945,7 @@ int journal_file_next_entry(
|
||
|
direction_t direction,
|
||
|
Object **ret, uint64_t *offset) {
|
||
|
|
||
|
- uint64_t i, n;
|
||
|
+ uint64_t i, n, ofs;
|
||
|
int r;
|
||
|
|
||
|
assert(f);
|
||
|
@@ -1986,10 +1986,24 @@ int journal_file_next_entry(
|
||
|
}
|
||
|
|
||
|
/* And jump to it */
|
||
|
- return generic_array_get(f,
|
||
|
- le64toh(f->header->entry_array_offset),
|
||
|
- i,
|
||
|
- ret, offset);
|
||
|
+ r = generic_array_get(f,
|
||
|
+ le64toh(f->header->entry_array_offset),
|
||
|
+ i,
|
||
|
+ ret, &ofs);
|
||
|
+ if (r <= 0)
|
||
|
+ return r;
|
||
|
+
|
||
|
+ if (p > 0 &&
|
||
|
+ (direction == DIRECTION_DOWN ? ofs <= p : ofs >= p)) {
|
||
|
+ log_debug("%s: entry array corrupted at entry %"PRIu64,
|
||
|
+ f->path, i);
|
||
|
+ return -EBADMSG;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (offset)
|
||
|
+ *offset = ofs;
|
||
|
+
|
||
|
+ return 1;
|
||
|
}
|
||
|
|
||
|
int journal_file_skip_entry(
|
||
|
--
|
||
|
1.7.9.2
|
||
|
|