ACK On 03/28/2013 10:39 AM, Jan Friesse wrote:
> If idx is too large, segfault can happen. Also cycle is now detected
> properly.
>
> Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
> ---
> tools/corosync-fplay.c | 13 +++++++++++++
> 1 files changed, 13 insertions(+), 0 deletions(-)
>
> diff --git a/tools/corosync-fplay.c b/tools/corosync-fplay.c
> index f07e225..a18bbfc 100644
> --- a/tools/corosync-fplay.c
> +++ b/tools/corosync-fplay.c
> @@ -350,6 +350,8 @@ static unsigned int printer_subsys_count =
>
> static uint32_t g_record[G_RECORD_SIZE];
>
> +static int file_rewind = 0;
> +
> /*
> * Copy record, dealing with wrapping
> */
> @@ -357,6 +359,11 @@ static int logsys_rec_get (int rec_idx) {
> uint32_t rec_size;
> int firstcopy, secondcopy;
>
> + if (rec_idx >= flt_data_size) {
> + fprintf (stderr, "rec_idx too large. Input file is probably corrupted.\n");
> + exit (EXIT_FAILURE);
> + }
> +
> rec_size = flt_data[rec_idx];
>
> firstcopy = rec_size;
> @@ -373,6 +380,12 @@ static int logsys_rec_get (int rec_idx) {
> }
>
> if (firstcopy + rec_idx > flt_data_size) {
> + if (file_rewind) {
> + fprintf (stderr, "file rewind for second time (cycle). Input file is probably corrupted.\n");
> + exit (EXIT_FAILURE);
> + }
> +
> + file_rewind = 1;
> firstcopy = flt_data_size - rec_idx;
> secondcopy -= firstcopy - rec_size;
> }
> _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
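Review bot: The new guard at the top of logsys_rec_get bounds rec_idx only from above, and the length word read right after it, `rec_size = flt_data[rec_idx]`, still comes from the input file unchecked. rec_idx is a signed `int`, so if flt_data_size is also signed (its declaration is outside the hunk) a negative index passes the test; `if (rec_idx < 0 || rec_idx >= flt_data_size) {` would close that. rec_size is then assigned to the `int` firstcopy and, presumably, used to copy into `g_record[G_RECORD_SIZE]`, so a corrupted file can still supply an oversized length. A check such as `if (rec_size == 0 || rec_size > G_RECORD_SIZE)` with the same error exit, placed before `firstcopy = rec_size;`, looks warranted, but confirm it against the copy code, which is outside the hunk.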
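Review bot: The cycle check in the third hunk fires only when a record straddles the end of the buffer (`firstcopy + rec_idx > flt_data_size`), so a corrupted file whose records end exactly at flt_data_size would presumably wrap back to index 0 without ever setting file_rewind. Whether that can loop forever depends on the caller's iteration, which is outside the hunk, so it is worth confirming that the caller also bounds the number of records it walks. The condition itself is `int` arithmetic on a value derived from the file's `uint32_t` rec_size, so a very large rec_size could overflow or go negative before the comparison. file_rewind, added in the first hunk, is a file-scope flag that is never reset in the visible lines and would benefit from a comment, e.g. `/* Set once a record has wrapped past the end of flt_data; a second wrap means the record chain cycles. */`.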