summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-02-27 00:07:29 -0500
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-03-05 00:17:27 -0500
commitfb099c8d2af6620db2709e826a258089d10cdfe8 (patch)
tree1af39090260dd92db522636b7f3d86d69b95ef6f /src
parent32f244309902243a20cff5d5d1abb1c888b5fb21 (diff)
journal: assume that next entry is after previous entry
With a corrupted file, we can get in a situation where two entries in the entry array point to the same object. Then journal_file_next_entry will find the first one using generic_arrray_bisect, and try to move to the second one, but since the address is the same, generic_array_get will return the first one. journal_file_next_entry ends up in an infinite loop. https://bugzilla.redhat.com/show_bug.cgi?id=1047039
Diffstat (limited to 'src')
-rw-r--r--src/journal/journal-file.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 5876733598..0e1fc7f7bc 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1359,7 +1359,7 @@ int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const st
}
typedef struct ChainCacheItem {
- uint64_t first; /* the array at the begin of the chain */
+ uint64_t first; /* the array at the beginning of the chain */
uint64_t array; /* the cached array */
uint64_t begin; /* the first item in the cached array */
uint64_t total; /* the total number of items in all arrays before this one in the chain */
@@ -1945,7 +1945,7 @@ int journal_file_next_entry(
direction_t direction,
Object **ret, uint64_t *offset) {
- uint64_t i, n;
+ uint64_t i, n, ofs;
int r;
assert(f);
@@ -1986,10 +1986,24 @@ int journal_file_next_entry(
}
/* And jump to it */
- return generic_array_get(f,
- le64toh(f->header->entry_array_offset),
- i,
- ret, offset);
+ r = generic_array_get(f,
+ le64toh(f->header->entry_array_offset),
+ i,
+ ret, &ofs);
+ if (r <= 0)
+ return r;
+
+ if (p > 0 &&
+ (direction == DIRECTION_DOWN ? ofs <= p : ofs >= p)) {
+ log_debug("%s: entry array corrupted at entry %"PRIu64,
+ f->path, i);
+ return -EBADMSG;
+ }
+
+ if (offset)
+ *offset = ofs;
+
+ return 1;
}
int journal_file_skip_entry(