From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 5 Jun 2025 20:26:03 +0000 (+0200)
Subject: journal: replace a bunch of assert() with friendlier checks
X-Git-Tag: v257.8~10
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2da9cc0d1348e7b79d012d2650b52bd1f4a5c2c3;p=thirdparty%2Fsystemd.git

journal: replace a bunch of assert() with friendlier checks

We should not rely that data stored in the journal files remains
entirely untouched at all times. Because we unallocate files, data might
go away any time. Hence, never assert() on any expectations on what the
file contains. Instead, handle it more gracefully as a corruption issue,
and return EBADMSG.

Fixes: #35229 #32436
(cherry picked from commit 5ee8b3edb385b216eb4f3316323ae1287824971a)
---

diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c
index 0c80162a09c..7fffa0a28c8 100644
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@@ -2736,7 +2736,9 @@ static int bump_entry_array(
 
         if (direction == DIRECTION_DOWN) {
                 assert(o);
-                assert(o->object.type == OBJECT_ENTRY_ARRAY);
+
+                if (o->object.type != OBJECT_ENTRY_ARRAY)
+                        return -EBADMSG;
 
                 *ret = le64toh(o->entry_array.next_entry_array_offset);
         } else {
@@ -3237,9 +3239,11 @@ static int generic_array_bisect_for_data(
 
         assert(f);
         assert(d);
-        assert(d->object.type == OBJECT_DATA);
         assert(test_object);
 
+        if (d->object.type != OBJECT_DATA)
+                return -EBADMSG;
+
         n = le64toh(d->data.n_entries);
         if (n <= 0)
                 return 0;
@@ -3605,9 +3609,11 @@ int journal_file_move_to_entry_for_data(
 
         assert(f);
         assert(d);
-        assert(d->object.type == OBJECT_DATA);
         assert(IN_SET(direction, DIRECTION_DOWN, DIRECTION_UP));
 
+        if (d->object.type != OBJECT_DATA)
+                return -EBADMSG;
+
         /* FIXME: fix return value assignment. */
 
         /* This returns the first (when the direction is down, otherwise the last) entry linked to the
@@ -3667,7 +3673,9 @@ int journal_file_move_to_entry_by_offset_for_data(
 
         assert(f);
         assert(d);
-        assert(d->object.type == OBJECT_DATA);
+
+        if (d->object.type != OBJECT_DATA)
+                return -EBADMSG;
 
         return generic_array_bisect_for_data(
                         f,
@@ -3693,7 +3701,9 @@ int journal_file_move_to_entry_by_monotonic_for_data(
 
         assert(f);
         assert(d);
-        assert(d->object.type == OBJECT_DATA);
+
+        if (d->object.type != OBJECT_DATA)
+                return -EBADMSG;
 
         /* First, pin the given data object, before reading the _BOOT_ID= data object below. */
         r = journal_file_pin_object(f, d);
@@ -3759,7 +3769,9 @@ int journal_file_move_to_entry_by_seqnum_for_data(
 
         assert(f);
         assert(d);
-        assert(d->object.type == OBJECT_DATA);
+
+        if (d->object.type != OBJECT_DATA)
+                return -EBADMSG;
 
         return generic_array_bisect_for_data(
                         f,
@@ -3779,7 +3791,9 @@ int journal_file_move_to_entry_by_realtime_for_data(
 
         assert(f);
         assert(d);
-        assert(d->object.type == OBJECT_DATA);
+
+        if (d->object.type != OBJECT_DATA)
+                return -EBADMSG;
 
         return generic_array_bisect_for_data(
                         f,