diff options
Diffstat (limited to 'core/systemd/0015-journal-assume-that-next-entry-is-after-previous-ent.patch')
| -rw-r--r-- | core/systemd/0015-journal-assume-that-next-entry-is-after-previous-ent.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/core/systemd/0015-journal-assume-that-next-entry-is-after-previous-ent.patch b/core/systemd/0015-journal-assume-that-next-entry-is-after-previous-ent.patch new file mode 100644 index 000000000..0c3b014c9 --- /dev/null +++ b/core/systemd/0015-journal-assume-that-next-entry-is-after-previous-ent.patch @@ -0,0 +1,70 @@ +From fb099c8d2af6620db2709e826a258089d10cdfe8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 27 Feb 2014 00:07:29 -0500 +Subject: [PATCH] journal: assume that next entry is after previous entry + +With a corrupted file, we can get in a situation where two entries +in the entry array point to the same object. Then journal_file_next_entry +will find the first one using generic_arrray_bisect, and try to move to +the second one, but since the address is the same, generic_array_get will +return the first one. journal_file_next_entry ends up in an infinite loop. + +https://bugzilla.redhat.com/show_bug.cgi?id=1047039 +--- + src/journal/journal-file.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c +index 5876733..0e1fc7f 100644 +--- a/src/journal/journal-file.c ++++ b/src/journal/journal-file.c +@@ -1359,7 +1359,7 @@ int journal_file_append_entry(JournalFile *f, const dual_timestamp *ts, const st + } + + typedef struct ChainCacheItem { +- uint64_t first; /* the array at the begin of the chain */ ++ uint64_t first; /* the array at the beginning of the chain */ + uint64_t array; /* the cached array */ + uint64_t begin; /* the first item in the cached array */ + uint64_t total; /* the total number of items in all arrays before this one in the chain */ +@@ -1945,7 +1945,7 @@ int journal_file_next_entry( + direction_t direction, + Object **ret, uint64_t *offset) { + +- uint64_t i, n; ++ uint64_t i, n, ofs; + int r; + + assert(f); +@@ -1986,10 +1986,24 @@ int journal_file_next_entry( + } + + /* And jump to it */ +- return generic_array_get(f, +- le64toh(f->header->entry_array_offset), +- i, +- ret, offset); ++ r = generic_array_get(f, ++ le64toh(f->header->entry_array_offset), ++ i, ++ ret, &ofs); ++ if (r <= 0) ++ return r; ++ ++ if (p > 0 && ++ (direction == DIRECTION_DOWN ? ofs <= p : ofs >= p)) { ++ log_debug("%s: entry array corrupted at entry %"PRIu64, ++ f->path, i); ++ return -EBADMSG; ++ } ++ ++ if (offset) ++ *offset = ofs; ++ ++ return 1; + } + + int journal_file_skip_entry( +-- +1.9.0 + |