From 3f4795112d13f80b4aff9051f5e68060a80a69bd Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Mon, 24 Oct 2016 13:28:44 +0300 Subject: [PATCH] lib-index: Fix potential error when reading from uncommitted cache transaction If dovecot.index.cache is compressed during the transaction, the new cache fields mapping doesn't necessarily match what is in the transaction. Fixes: Error: Corrupted index cache file .../dovecot.index.cache: field index too large (27 >= 17) Although there may be other cache corruption errors it also fixes. --- src/lib-index/mail-cache-transaction.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/lib-index/mail-cache-transaction.c b/src/lib-index/mail-cache-transaction.c index bbd7e9bcb9..9e91b11b23 100644 --- a/src/lib-index/mail-cache-transaction.c +++ b/src/lib-index/mail-cache-transaction.c @@ -289,6 +289,14 @@ mail_cache_transaction_lookup_rec(struct mail_cache_transaction_ctx *ctx, const struct mail_cache_transaction_rec *recs; unsigned int i, count; + if (MAIL_CACHE_IS_UNUSABLE(ctx->cache) || + ctx->cache_file_seq != ctx->cache->hdr->file_seq) { + /* Cache was compressed during this transaction. We can't + safely use the data anymore, since its fields won't match + cache->file_fields_map. */ + return NULL; + } + recs = array_get(&ctx->cache_data_seq, &count); for (i = *trans_next_idx; i < count; i++) { if (recs[i].seq == seq) { -- 2.47.3