ACK

On 03/28/2013 10:39 AM, Jan Friesse wrote:
> If idx is too large, a segfault can happen. Also, a cycle is now detected
> properly.
> 
> Signed-off-by: Jan Friesse <[email protected]>
> ---
>  tools/corosync-fplay.c |   13 +++++++++++++
>  1 files changed, 13 insertions(+), 0 deletions(-)
> 
> diff --git a/tools/corosync-fplay.c b/tools/corosync-fplay.c
> index f07e225..a18bbfc 100644
> --- a/tools/corosync-fplay.c
> +++ b/tools/corosync-fplay.c
> @@ -350,6 +350,8 @@ static unsigned int printer_subsys_count =
>  
>  static uint32_t g_record[G_RECORD_SIZE];
>  
> +static int file_rewind = 0;
> +
>  /*
>   * Copy record, dealing with wrapping
>   */
> @@ -357,6 +359,11 @@ static int logsys_rec_get (int rec_idx) {
>       uint32_t rec_size;
>       int firstcopy, secondcopy;
>  
> +     if (rec_idx >= flt_data_size) {
> +             fprintf (stderr, "rec_idx too large. Input file is probably 
> corrupted.\n");
> +             exit (EXIT_FAILURE);
> +     }
> +
>       rec_size = flt_data[rec_idx];
>  
>       firstcopy = rec_size;
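Review bot: The new guard in logsys_rec_get rejects only an index past the end; `rec_idx` is a signed `int`, so if `flt_data_size` is also signed, a negative index derived from a corrupted file still reaches `flt_data[rec_idx]`. Consider `if (rec_idx < 0 || rec_idx >= flt_data_size) {`; the type of `flt_data_size` is not visible in this hunk, so confirm whether the comparison already converts to unsigned. The value read next, `rec_size`, also comes from the input file and sizes the copy into `g_record`; whether it is checked against `G_RECORD_SIZE` is decided outside the hunk and is worth confirming. The function body continues past this hunk.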
> @@ -373,6 +380,12 @@ static int logsys_rec_get (int rec_idx) {
>       }
>  
>       if (firstcopy + rec_idx > flt_data_size) {
> +             if (file_rewind) {
> +                     fprintf (stderr, "file rewind for second time (cycle). 
> Input file is probably corrupted.\n");
> +                     exit (EXIT_FAILURE);
> +             }
> +
> +             file_rewind = 1;
>               firstcopy = flt_data_size - rec_idx;
>               secondcopy -= firstcopy - rec_size;
>       }
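Review bot: `file_rewind` is a file-scope flag that is set on the first wrap and never cleared in the visible lines, so the cycle check is tied to the lifetime of the process rather than to one walk over the record buffer. If logsys_rec_get is ever driven over the data a second time, or over a second input, the first legitimate wrap would be reported as corruption; resetting the flag where a walk starts, or keeping it local to the walk, avoids that. The declaration in the first hunk would also benefit from a comment such as `/* Set once the record walk has wrapped past the end of flt_data; a second wrap means a cycle */`. The function starts before this hunk.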
> 
