Commit b75b6732 authored by Jürg Billeter's avatar Jürg Billeter

libtracker-data: Fix crash due to overflow in journal reader

Fixes GB#664833.
parent 4a15439d
......@@ -1657,6 +1657,17 @@ db_journal_reader_next (JournalReader *jreader, gboolean global_reader, GError *
return FALSE;
}
/* Check that entry is smaller than the rest of the file.
Very large entry_size could otherwise cause an overflow
in entry_begin + entry_size below. */
if ((gint64) entry_size > (gint64) (jreader->end - jreader->entry_begin)) {
g_set_error (error, TRACKER_DB_JOURNAL_ERROR,
TRACKER_DB_JOURNAL_ERROR_DAMAGED_JOURNAL_ENTRY,
"Damaged journal entry, size %u > %ld (rest of the file)",
entry_size, jreader->end - jreader->entry_begin);
return FALSE;
}
if (!jreader->stream) {
/* Set the bounds for the entry */
jreader->entry_end = jreader->entry_begin + entry_size;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment