From 4f06a38a50e89c431f48b54a2fa6cee42742e0bb Mon Sep 17 00:00:00 2001 From: Leo Yuriev Date: Wed, 26 Jul 2017 10:28:09 +0300 Subject: [PATCH] mdbx: use saturated pgno_add() to avoid overflows. Change-Id: I70000a86a69c9b3399d0a2c345d57ca1908f2881 --- src/bits.h | 5 +++++ src/mdbx.c | 13 +++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/bits.h b/src/bits.h index 14867ef8..10ed62f7 100644 --- a/src/bits.h +++ b/src/bits.h @@ -1195,3 +1195,8 @@ static __inline pgno_t bytes2pgno(const MDBX_env *env, size_t bytes) { mdbx_assert(env, (env->me_psize >> env->me_psize2log) == 1); return (pgno_t)(bytes >> env->me_psize2log); } + +static __inline pgno_t pgno_add(pgno_t base, pgno_t augend) { + assert(base <= MAX_PAGENO); + return (augend < MAX_PAGENO - base) ? base + augend : MAX_PAGENO; +} diff --git a/src/mdbx.c b/src/mdbx.c index c5122da9..ffdfdfcd 100644 --- a/src/mdbx.c +++ b/src/mdbx.c @@ -1864,7 +1864,7 @@ static int mdbx_page_alloc(MDBX_cursor *mc, unsigned num, MDBX_page **mp, repg_pos = 0; pgno = txn->mt_next_pgno; rc = MDBX_MAP_FULL; - const pgno_t next = pgno + num; + const pgno_t next = pgno_add(pgno, num); if (likely(next <= txn->mt_end_pgno)) { rc = MDBX_NOTFOUND; if (likely(flags & MDBX_ALLOC_NEW)) @@ -1915,13 +1915,14 @@ static int mdbx_page_alloc(MDBX_cursor *mc, unsigned num, MDBX_page **mp, if (rc == MDBX_MAP_FULL && next < head->mm_geo.upper) { mdbx_assert(env, next > txn->mt_end_pgno); pgno_t growth_pgno = bytes2pgno( - env, - mdbx_roundup2(pgno2bytes(env, txn->mt_next_pgno + head->mm_geo.grow), - env->me_os_psize)); + env, mdbx_roundup2(pgno2bytes(env, pgno_add(txn->mt_next_pgno, + head->mm_geo.grow)), + env->me_os_psize)); while (next >= growth_pgno) growth_pgno = bytes2pgno( - env, mdbx_roundup2(pgno2bytes(env, growth_pgno + head->mm_geo.grow), - env->me_os_psize)); + env, mdbx_roundup2( + pgno2bytes(env, pgno_add(growth_pgno, head->mm_geo.grow)), + env->me_os_psize)); if (growth_pgno > head->mm_geo.upper) growth_pgno = head->mm_geo.upper;