dovecot: Some paranoia fixes for memory allocation. Don't access...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot/rev/ba118a9eeb50
changeset: 5952:ba118a9eeb50
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Jul 12 03:17:38 2007 +0300
description:
Some paranoia fixes for memory allocation. Don't access a mmaped variable
directly in case it happens to change.

diffstat:

1 file changed, 6 insertions(+), 5 deletions(-)
src/lib-index/mail-cache-fields.c |   11 ++++++-----

diffs (35 lines):

diff -r e9b5d3d33b95 -r ba118a9eeb50 src/lib-index/mail-cache-fields.c
--- a/src/lib-index/mail-cache-fields.c	Thu Jul 12 02:44:47 2007 +0300
+++ b/src/lib-index/mail-cache-fields.c	Thu Jul 12 03:17:38 2007 +0300
@@ -207,6 +207,7 @@ int mail_cache_header_fields_read(struct
 	const uint8_t *types, *decisions;
 	const char *p, *names, *end;
 	void *orig_key, *orig_value;
+	unsigned int new_fields_count;
 	uint32_t offset, i;
 
 	if (mail_cache_header_fields_get_offset(cache, &offset) < 0)
@@ -243,18 +244,18 @@ int mail_cache_header_fields_read(struct
 			return -1;
 	}
 	field_hdr = CONST_PTR_OFFSET(cache->data, offset);
-
-	if (field_hdr->fields_count != 0) {
+	new_fields_count = field_hdr->fields_count;
+
+	if (new_fields_count != 0) {
 		cache->file_field_map =
 			i_realloc(cache->file_field_map,
 				  cache->file_fields_count *
 				  sizeof(unsigned int),
-				  field_hdr->fields_count *
-				  sizeof(unsigned int));
+				  new_fields_count * sizeof(unsigned int));
 	} else {
 		i_free_and_null(cache->file_field_map);
 	}
-	cache->file_fields_count = field_hdr->fields_count;
+	cache->file_fields_count = new_fields_count;
 
 	last_used = CONST_PTR_OFFSET(field_hdr, MAIL_CACHE_FIELD_LAST_USED());
 	sizes = CONST_PTR_OFFSET(field_hdr,