[dovecot-cvs] dovecot/src/lib-index mail-index-transaction.c, 1.87, 1.88
tss at dovecot.org
tss at dovecot.org
Sun Mar 25 21:25:52 EEST 2007
Update of /var/lib/cvs/dovecot/src/lib-index
In directory talvi:/tmp/cvs-serv5724
Modified Files:
mail-index-transaction.c
Log Message:
Don't read/write outside boundaries if the extension data's size isn't
divisible with 32bit.
Index: mail-index-transaction.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-index/mail-index-transaction.c,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -d -r1.87 -r1.88
--- mail-index-transaction.c 16 Mar 2007 16:10:58 -0000 1.87
+++ mail-index-transaction.c 25 Mar 2007 18:25:50 -0000 1.88
@@ -122,16 +122,17 @@
void *old_record)
{
void *p;
- unsigned int idx;
+ unsigned int idx, aligned_record_size;
/* records need to be 32bit aligned */
- record_size = (record_size + 3) & ~3;
+ aligned_record_size = (record_size + 3) & ~3;
if (!array_is_created(array)) {
- array_create(array, default_pool, sizeof(seq) + record_size,
- 1024 / (sizeof(seq) + record_size));
+ array_create(array, default_pool,
+ sizeof(seq) + aligned_record_size,
+ 1024 / (sizeof(seq) + aligned_record_size));
}
- i_assert(array->arr.element_size == sizeof(seq) + record_size);
+ i_assert(array->arr.element_size == sizeof(seq) + aligned_record_size);
if (mail_index_seq_array_lookup(array, seq, &idx)) {
/* already there, update */
More information about the dovecot-cvs
mailing list