From: Alex Rousskov
Date: Sat, 27 Jul 2013 18:44:31 +0000 (-0600)
Subject: Imprioved sane rock store entry detection to avoid rebuilding coredumps
X-Git-Tag: SQUID_3_5_0_1~444^2~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea6351754a497f502772433e4b7704cbd6d0a6e0;p=thirdparty%2Fsquid.git
Imprioved sane rock store entry detection to avoid rebuilding coredumps due to out-of-range slot IDs.
---
diff --git a/src/fs/rock/RockDbCell.h b/src/fs/rock/RockDbCell.h
index 31fb250e52..c58c514649 100644
--- a/src/fs/rock/RockDbCell.h
+++ b/src/fs/rock/RockDbCell.h
@@ -22,8 +22,11 @@ public:
 /* members below are not meaningful if empty() */
 /// whether this slot is not corrupted
- bool sane() const { return firstSlot >= 0 && nextSlot >= -1 &&
- version > 0 && payloadSize > 0; }
+ bool sane(const size_t slotSize, int slotLimit) const { return
+ 0 <= firstSlot && firstSlot < slotLimit &&
+ -1 <= nextSlot && nextSlot < slotLimit &&
+ version > 0 &&
+ 0 < payloadSize && payloadSize < slotSize - sizeof(DbCellHeader); }
 uint64_t key[2]; ///< StoreEntry key
 uint64_t entrySize; ///< total entry content size or zero if still unknown
diff --git a/src/fs/rock/RockRebuild.cc b/src/fs/rock/RockRebuild.cc
index 10eb4c4f33..586a0a10eb 100644
--- a/src/fs/rock/RockRebuild.cc
+++ b/src/fs/rock/RockRebuild.cc
@@ -254,7 +254,7 @@ Rock::Rebuild::loadOneSlot()
 freeSlotIfIdle(slotId, false);
 return;
 }
- if (!header.sane()) {
+ if (!header.sane(dbEntrySize, dbEntryLimit)) {
 debugs(47, DBG_IMPORTANT, "WARNING: cache_dir[" << sd->index << "]: " << "Ignoring malformed cache entry meta data at " << dbOffset);
 freeSlotIfIdle(slotId, true);
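Review bot: In RockDbCell.h, the new upper bound `payloadSize < slotSize - sizeof(DbCellHeader)` in sane() is evaluated in unsigned arithmetic, so a `slotSize` smaller than the header wraps to a huge value and the bound stops rejecting anything. The strict `<` also appears to reject a slot whose payload fills exactly the space after the header; whether a completely full slot can occur is not visible in this hunk. Because this predicate decides whether on-disk metadata is trusted during rebuild, I would write the last clause as `0 < payloadSize && slotSize > sizeof(DbCellHeader) && payloadSize <= slotSize - sizeof(DbCellHeader); }`, keeping `<` only if a full slot is really invalid. The doc comment should also state the contract of the new parameters, for example `/// slotSize is the on-disk slot size including DbCellHeader; valid slot IDs are [0, slotLimit)`, which is what the comparisons imply.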
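Review bot: In Rock::Rebuild::loadOneSlot() (RockRebuild.cc), the warning emitted when `header.sane(dbEntrySize, dbEntryLimit)` fails still reports only `dbOffset`, although the check can now fail for several unrelated reasons (slot ID out of range, bad version, bad payload size), which makes a damaged or tampered cache_dir hard to triage from the log. Consider appending the rejected fields, e.g. `<< " firstSlot=" << header.firstSlot << " nextSlot=" << header.nextSlot << " payloadSize=" << header.payloadSize`, assuming those members are accessible here. The declarations of `dbEntrySize` and `dbEntryLimit` are outside the hunk; confirm that passing them as `size_t` and `int` involves no sign change or narrowing, since a wrapped size or truncated limit would silently loosen the range check. loadOneSlot() starts and ends outside the hunk.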