From fe6f2bd8a64108ab9d42ee4633f1cab2e05f2915 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 25 Sep 2023 11:10:01 +0900 Subject: [PATCH] sd-journal: fix calculation of number of 'total' entries in the chained arrays If there's corruption and we are going upwards, then the 'total' must be decreased when we go to the previous array. However, previously, we wrongly kept or increased the number. This fixes the behavior. --- src/libsystemd/sd-journal/journal-file.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index 5371c6d79bd..474d7b1d27d 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -2815,7 +2815,16 @@ static int generic_array_get( if (k == 0) break; - i = direction == DIRECTION_DOWN ? 0 : k - 1; + if (direction == DIRECTION_DOWN) + i = 0; + else { + /* We moved to the previous array. The total must be decreased. */ + if (t < k) + return -EBADMSG; /* chain cache is broken ? */ + + i = k - 1; + t -= k; + } } do { @@ -2842,7 +2851,10 @@ static int generic_array_get( } while (bump_array_index(&i, direction, k) > 0); - t += k; + if (direction == DIRECTION_DOWN) + /* We are going to the next array, the total must be incremented. */ + t += k; + i = UINT64_MAX; } -- 2.47.3