mdbx: fix pagecheck().

Added a check that the data of the BIGDATA node (containing the target page number) is located within the boundaries of the page being checked.

The third case of https://github.com/erthink/libmdbx/issues/217.
This commit is contained in:
Leonid Yuriev 2021-07-16 03:00:43 +03:00
parent 6a6ead6cfb
commit 8aaf5d071b

View File

@ -17151,8 +17151,15 @@ __cold static int mdbx_page_check(MDBX_cursor *const mc,
break; break;
} }
if (node_flags(node) & F_BIGDATA) {
const size_t dsize = node_ds(node); const size_t dsize = node_ds(node);
const char *const data = node_data(node);
if (node_flags(node) & F_BIGDATA) {
if (unlikely(end_of_page < data + sizeof(pgno_t))) {
rc = bad_page(
mp, "node-%s(%u of %u, %zu bytes) beyond (%zu) page-end\n",
"bigdata-pgno", i, nkeys, dsize, data + dsize - end_of_page);
continue;
}
if ((options & C_COPYING) == 0) { if ((options & C_COPYING) == 0) {
if (unlikely(dsize <= mc->mc_dbx->md_vlen_min || if (unlikely(dsize <= mc->mc_dbx->md_vlen_min ||
dsize > mc->mc_dbx->md_vlen_max)) dsize > mc->mc_dbx->md_vlen_max))
@ -17180,12 +17187,10 @@ __cold static int mdbx_page_check(MDBX_cursor *const mc,
continue; continue;
} }
const size_t dsize = node_ds(node);
const char *const data = node_data(node);
if (unlikely(end_of_page < data + dsize)) { if (unlikely(end_of_page < data + dsize)) {
rc = bad_page(mp, rc =
"node-data(%u of %u, %zu bytes) beyond (%zu) page-end\n", bad_page(mp, "node-%s(%u of %u, %zu bytes) beyond (%zu) page-end\n",
i, nkeys, dsize, data + dsize - end_of_page); "data", i, nkeys, dsize, data + dsize - end_of_page);
continue; continue;
} }