From 92a578c6a758e8619b2056da93c79e3455c6a77a Mon Sep 17 00:00:00 2001
From: Michael Hohmuth <sideral@rockbox.org>
Date: Thu, 4 Aug 2011 12:13:02 +0000
Subject: Database: Fix memory-area bounds checking during database reload.

Check free space before reading new data from disk, and do not forget
to account for the RAM-cache header.

git-svn-id: svn://svn.rockbox.org/rockbox/branches/v3_9@30250 a1c6a512-1295-4272-9138-f99709370657
---
 apps/tagcache.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'apps/tagcache.c')

diff --git a/apps/tagcache.c b/apps/tagcache.c
index f734b4b444..017d1326aa 100644
--- a/apps/tagcache.c
+++ b/apps/tagcache.c
@@ -3909,7 +3909,7 @@ static bool load_tagcache(void)
 {
     struct tagcache_header *tch;
     struct master_header tcmh;
-    long bytesleft = tc_stat.ramcache_allocated;
+    long bytesleft = tc_stat.ramcache_allocated - sizeof(struct ramcache_header);
     struct index_entry *idx;
     int rc, fd;
     char *p;
@@ -3947,18 +3947,18 @@ static bool load_tagcache(void)
     /* Load the master index table. */
     for (i = 0; i < tcmh.tch.entry_count; i++)
     {
-        rc = ecread_index_entry(fd, idx);
-        if (rc != sizeof(struct index_entry))
+        bytesleft -= sizeof(struct index_entry);
+        if (bytesleft < 0)
         {
-            logf("read error #10");
+            logf("too big tagcache.");
             close(fd);
             return false;
         }
-    
-        bytesleft -= sizeof(struct index_entry);
-        if (bytesleft < 0 || ((long)idx - (long)hdr->indices) >= tc_stat.ramcache_allocated)
+
+        rc = ecread_index_entry(fd, idx);
+        if (rc != sizeof(struct index_entry))
         {
-            logf("too big tagcache.");
+            logf("read error #10");
             close(fd);
             return false;
         }
-- 
cgit v1.2.3