Database: Fix memory-area bounds checking during database reload.

Check free space before reading new data from disk, and do not forget to account for the RAM-cache header. git-svn-id: svn://svn.rockbox.org/rockbox/branches/v3_9@30250 a1c6a512-1295-4272-9138-f99709370657
author: Michael Hohmuth <sideral@rockbox.org> 2011-08-04 12:13:02 +0000
committer: Michael Hohmuth <sideral@rockbox.org> 2011-08-04 12:13:02 +0000
commit: 92a578c6a758e8619b2056da93c79e3455c6a77a (patch)
tree: 311c01d5eebbb184a683dc3844eec6b4515b4f72
parent: e6d21f1d10b7df2f4a108933ae10e084d4995565 (diff)
download: rockbox-92a578c6a758e8619b2056da93c79e3455c6a77a.tar.gz
rockbox-92a578c6a758e8619b2056da93c79e3455c6a77a.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/apps/tagcache.c b/apps/tagcache.c
index f734b4b444..017d1326aa 100644
--- a/apps/tagcache.c
+++ b/apps/tagcache.c
@@ -3909,7 +3909,7 @@ static bool load_tagcache(void)
 {
    struct tagcache_header *tch;
    struct master_header tcmh;
-    long bytesleft = tc_stat.ramcache_allocated;
+    long bytesleft = tc_stat.ramcache_allocated - sizeof(struct ramcache_header);
    struct index_entry *idx;
    int rc, fd;
    char *p;
@@ -3947,18 +3947,18 @@ static bool load_tagcache(void)
    /* Load the master index table. */
    for (i = 0; i < tcmh.tch.entry_count; i++)
    {
-        rc = ecread_index_entry(fd, idx);
+        bytesleft -= sizeof(struct index_entry);
-        if (rc != sizeof(struct index_entry))
+        if (bytesleft < 0)
        {
-            logf("read error #10");
+            logf("too big tagcache.");
            close(fd);
            return false;
        }
-    
-        bytesleft -= sizeof(struct index_entry);
+        rc = ecread_index_entry(fd, idx);
-        if (bytesleft < 0 || ((long)idx - (long)hdr->indices) >= tc_stat.ramcache_allocated)
+        if (rc != sizeof(struct index_entry))
        {
-            logf("too big tagcache.");
+            logf("read error #10");
            close(fd);
            return false;
        }
author	Michael Hohmuth <sideral@rockbox.org>	2011-08-04 12:13:02 +0000
committer	Michael Hohmuth <sideral@rockbox.org>	2011-08-04 12:13:02 +0000
commit	92a578c6a758e8619b2056da93c79e3455c6a77a (patch)
tree	311c01d5eebbb184a683dc3844eec6b4515b4f72
parent	e6d21f1d10b7df2f4a108933ae10e084d4995565 (diff)
download	rockbox-92a578c6a758e8619b2056da93c79e3455c6a77a.tar.gz rockbox-92a578c6a758e8619b2056da93c79e3455c6a77a.zip

diff --git a/apps/tagcache.c b/apps/tagcache.c index f734b4b444..017d1326aa 100644 --- a/apps/tagcache.c +++ b/apps/tagcache.c
@@ -3909,7 +3909,7 @@ static bool load_tagcache(void)
3909	{	3909	{
3910	struct tagcache_header *tch;	3910	struct tagcache_header *tch;
3911	struct master_header tcmh;	3911	struct master_header tcmh;
3912	long bytesleft = tc_stat.ramcache_allocated;	3912	long bytesleft = tc_stat.ramcache_allocated - sizeof(struct ramcache_header);
3913	struct index_entry *idx;	3913	struct index_entry *idx;
3914	int rc, fd;	3914	int rc, fd;
3915	char *p;	3915	char *p;
@@ -3947,18 +3947,18 @@ static bool load_tagcache(void)
3947	/* Load the master index table. */	3947	/* Load the master index table. */
3948	for (i = 0; i < tcmh.tch.entry_count; i++)	3948	for (i = 0; i < tcmh.tch.entry_count; i++)
3949	{	3949	{
3950	rc = ecread_index_entry(fd, idx);	3950	bytesleft -= sizeof(struct index_entry);
3951	if (rc != sizeof(struct index_entry))	3951	if (bytesleft < 0)
3952	{	3952	{
3953	logf("read error #10");	3953	logf("too big tagcache.");
3954	close(fd);	3954	close(fd);
3955	return false;	3955	return false;
3956	}	3956	}
3957		3957
3958	bytesleft -= sizeof(struct index_entry);	3958	rc = ecread_index_entry(fd, idx);
3959	if (bytesleft < 0 \|\| ((long)idx - (long)hdr->indices) >= tc_stat.ramcache_allocated)	3959	if (rc != sizeof(struct index_entry))
3960	{	3960	{
3961	logf("too big tagcache.");	3961	logf("read error #10");
3962	close(fd);	3962	close(fd);
3963	return false;	3963	return false;
3964	}	3964	}