Imprioved sane rock store entry detection to avoid rebuilding coredumps

due to out-of-range slot IDs.

diff --git a/src/fs/rock/RockDbCell.h b/src/fs/rock/RockDbCell.h
index 31fb250e523b30c2aa10b9d6acb635dfdcdbe263..c58c514649d0dcb6febdc947087e0953a9cd445f 100644 (file)
--- a/src/fs/rock/RockDbCell.h
+++ b/src/fs/rock/RockDbCell.h
@@ -22,8 +22,11 @@ public:
     /* members below are not meaningful if empty() */
 
     /// whether this slot is not corrupted
-    bool sane() const { return firstSlot >= 0 && nextSlot >= -1 &&
-       version > 0 && payloadSize > 0; }
+    bool sane(const size_t slotSize, int slotLimit) const { return
+       0 <= firstSlot && firstSlot < slotLimit &&
+       -1 <= nextSlot && nextSlot < slotLimit &&
+       version > 0 &&
+       0 < payloadSize && payloadSize < slotSize - sizeof(DbCellHeader); }
 
     uint64_t key[2]; ///< StoreEntry key
     uint64_t entrySize; ///< total entry content size or zero if still unknown

diff --git a/src/fs/rock/RockRebuild.cc b/src/fs/rock/RockRebuild.cc
index 10eb4c4f335f6bcec791ae3e565098ee5b8241dc..586a0a10eb3b319c1852df6625c9a00d95943069 100644 (file)
--- a/src/fs/rock/RockRebuild.cc
+++ b/src/fs/rock/RockRebuild.cc
@@ -254,7 +254,7 @@ Rock::Rebuild::loadOneSlot()
         freeSlotIfIdle(slotId, false);
         return;
     }
-    if (!header.sane()) {
+    if (!header.sane(dbEntrySize, dbEntryLimit)) {
         debugs(47, DBG_IMPORTANT, "WARNING: cache_dir[" << sd->index << "]: " <<
                "Ignoring malformed cache entry meta data at " << dbOffset);
         freeSlotIfIdle(slotId, true);