[dovecot-cvs] dovecot/src/lib file-cache.c,1.12.2.4,1.12.2.5

[tss at dovecot.org]

Update of /var/lib/cvs/dovecot/src/lib
In directory talvi:/tmp/cvs-serv2566

Modified Files:
      Tag: branch_1_0
	file-cache.c 
Log Message:
Check against offset/size overflows.



Index: file-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib/file-cache.c,v
retrieving revision 1.12.2.4
retrieving revision 1.12.2.5
diff -u -d -r1.12.2.4 -r1.12.2.5
--- file-cache.c	18 Nov 2006 23:35:35 -0000	1.12.2.4
+++ file-cache.c	3 Dec 2006 15:09:35 -0000	1.12.2.5
@@ -99,6 +99,8 @@
 		   doesn't have to deal with any extra checks. */
 		size = SSIZE_T_MAX;
 	}
+	if (offset >= (uoff_t)-1 - size)
+		size = (uoff_t)-1 - offset;
 
 	if (offset + size > cache->mmap_length &&
 	    offset + size - cache->mmap_length > 1024*1024) {
@@ -221,6 +223,8 @@
 	unsigned char *bits;
 	unsigned int first_page, last_page;
 
+	i_assert(size < (uoff_t)-1 && offset < (uoff_t)-1 - size);
+
 	if (file_cache_set_size(cache, offset + size) < 0) {
 		/* couldn't grow mapping. just make sure the written memory
 		   area is invalidated then. */