[rrd-developers] [PATCH] rrd_open: be careful when reading every part of the header

Fri Oct 3 22:02:13 CEST 2008

* in MMAP mode, check the offset compared to the file length
 * in read() mode, check for short reads
---
 src/rrd_open.c |   24 +++++++++++++++++++-----
 1 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/rrd_open.c b/src/rrd_open.c
index af08f90..7a85aa8 100644
--- a/src/rrd_open.c
+++ b/src/rrd_open.c
@@ -21,16 +21,30 @@
 /* the cast to void* is there to avoid this warning seen on ia64 with certain
    versions of gcc: 'cast increases required alignment of target type'
 */
-#define __rrd_read(dst, dst_t, cnt) \
+#define __rrd_read(dst, dst_t, cnt) { \
+	size_t wanted = sizeof(dst_t)*(cnt); \
+	if (offset + wanted > rrd_file->file_len) { \
+		rrd_set_error("reached EOF while loading header " #dst); \
+		goto out_nullify_head; \
+	} \
 	(dst) = (dst_t*)(void*) (data + offset); \
-	offset += sizeof(dst_t) * (cnt)
+	offset += wanted; \
+    }
 #else
-#define __rrd_read(dst, dst_t, cnt) \
-	if ((dst = malloc(sizeof(dst_t)*(cnt))) == NULL) { \
+#define __rrd_read(dst, dst_t, cnt) { \
+	size_t wanted = sizeof(dst_t)*(cnt); \
+        size_t got; \
+	if ((dst = malloc(wanted)) == NULL) { \
 		rrd_set_error(#dst " malloc"); \
 		goto out_nullify_head; \
 	} \
-	offset += read (rrd_file->fd, dst, sizeof(dst_t)*(cnt))
+        got = read (rrd_file->fd, dst, wanted); \
+	if (got != wanted) { \
+		rrd_set_error("short read while reading header " #dst); \
+                goto out_nullify_head; \
+	} \
+	offset += got; \
+    }
 #endif
 
 /* get the address of the start of this page */
-- 
1.6.0.2

