From 25a99d4024930574490f18c9eaa1e0448df34eba Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Mon, 14 Jan 2013 13:12:15 -0800 Subject: [PATCH] ITS#7485 check maxkeysize in mdb_cursor_put Also MDB_MAXKEYSIZE is redefinable at compile time. --- libraries/liblmdb/mdb.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c index 67defdba25..cae20de9ed 100644 --- a/libraries/liblmdb/mdb.c +++ b/libraries/liblmdb/mdb.c @@ -342,19 +342,25 @@ static txnid_t mdb_debug_start; /** The version number for a database's file format. */ #define MDB_VERSION 1 - /** The maximum size of a key in the database. + /** @brief The maximum size of a key in the database. + * * While data items have essentially unbounded size, we require that * keys all fit onto a regular page. This limit could be raised a bit * further if needed; to something just under #MDB_PAGESIZE / #MDB_MINKEYS. + * + * Note that data items in an #MDB_DUPSORT database are actually keys + * of a subDB, so they're also limited to this size. */ -#define MAXKEYSIZE 511 +#ifndef MDB_MAXKEYSIZE +#define MDB_MAXKEYSIZE 511 +#endif #if MDB_DEBUG /** A key buffer. * @ingroup debug * This is used for printing a hex dump of a key's contents. */ -#define DKBUF char kbuf[(MAXKEYSIZE*2+1)] +#define DKBUF char kbuf[(MDB_MAXKEYSIZE*2+1)] /** Display a key in hex. * @ingroup debug * Invoke a function to display a key in hex. @@ -1081,8 +1087,8 @@ mdb_dkey(MDB_val *key, char *buf) char *ptr = buf; unsigned char *c = key->mv_data; unsigned int i; - if (key->mv_size > MAXKEYSIZE) - return "MAXKEYSIZE"; + if (key->mv_size > MDB_MAXKEYSIZE) + return "MDB_MAXKEYSIZE"; /* may want to make this a dynamic check: if the key is mostly * printable characters, print it as-is instead of converting to hex. */ @@ -2176,7 +2182,7 @@ free2: MDB_val key, data; /* make sure last page of freeDB is touched and on freelist */ - key.mv_size = MAXKEYSIZE+1; + key.mv_size = MDB_MAXKEYSIZE+1; key.mv_data = NULL; rc = mdb_page_search(&mc, &key, MDB_PS_MODIFY); if (rc && rc != MDB_NOTFOUND) @@ -3954,7 +3960,7 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int modify) if (key == NULL) /* Initialize cursor to first page. */ i = 0; - else if (key->mv_size > MAXKEYSIZE && key->mv_data == NULL) { + else if (key->mv_size > MDB_MAXKEYSIZE && key->mv_data == NULL) { /* cursor to last page */ i = NUMKEYS(mp)-1; } else { @@ -4130,7 +4136,7 @@ mdb_get(MDB_txn *txn, MDB_dbi dbi, if (txn == NULL || !dbi || dbi >= txn->mt_numdbs) return EINVAL; - if (key->mv_size == 0 || key->mv_size > MAXKEYSIZE) { + if (key->mv_size == 0 || key->mv_size > MDB_MAXKEYSIZE) { return EINVAL; } @@ -4572,7 +4578,7 @@ mdb_cursor_last(MDB_cursor *mc, MDB_val *key, MDB_val *data) if (!(mc->mc_flags & C_INITIALIZED) || mc->mc_top) { MDB_val lkey; - lkey.mv_size = MAXKEYSIZE+1; + lkey.mv_size = MDB_MAXKEYSIZE+1; lkey.mv_data = NULL; rc = mdb_page_search(mc, &lkey, 0); if (rc != MDB_SUCCESS) @@ -4656,7 +4662,7 @@ mdb_cursor_get(MDB_cursor *mc, MDB_val *key, MDB_val *data, case MDB_SET: case MDB_SET_KEY: case MDB_SET_RANGE: - if (key == NULL || key->mv_size == 0 || key->mv_size > MAXKEYSIZE) { + if (key == NULL || key->mv_size == 0 || key->mv_size > MDB_MAXKEYSIZE) { rc = EINVAL; } else if (op == MDB_SET_RANGE) rc = mdb_cursor_set(mc, key, data, op, NULL); @@ -4793,13 +4799,16 @@ mdb_cursor_put(MDB_cursor *mc, MDB_val *key, MDB_val *data, size_t nsize; int rc, rc2; MDB_pagebuf pbuf; - char dbuf[MAXKEYSIZE+1]; + char dbuf[MDB_MAXKEYSIZE+1]; unsigned int nflags; DKBUF; if (F_ISSET(mc->mc_txn->mt_flags, MDB_TXN_RDONLY)) return EACCES; + if (key->mv_size == 0 || key->mv_size > MDB_MAXKEYSIZE) + return EINVAL; + DPRINTF("==> put db %u key [%s], size %zu, data size %zu", mc->mc_dbi, DKEY(key), key ? key->mv_size:0, data->mv_size); @@ -5769,7 +5778,7 @@ mdb_update_key(MDB_page *mp, indx_t indx, MDB_val *key) #if MDB_DEBUG { MDB_val k2; - char kbuf2[(MAXKEYSIZE*2+1)]; + char kbuf2[(MDB_MAXKEYSIZE*2+1)]; k2.mv_data = NODEKEY(node); k2.mv_size = node->mn_ksize; DPRINTF("update key %u (ofs %u) [%s] to [%s] on page %zu", @@ -6321,7 +6330,7 @@ mdb_del(MDB_txn *txn, MDB_dbi dbi, return EACCES; } - if (key->mv_size == 0 || key->mv_size > MAXKEYSIZE) { + if (key->mv_size == 0 || key->mv_size > MDB_MAXKEYSIZE) { return EINVAL; } @@ -6760,7 +6769,7 @@ mdb_put(MDB_txn *txn, MDB_dbi dbi, return EACCES; } - if (key->mv_size == 0 || key->mv_size > MAXKEYSIZE) { + if (key->mv_size == 0 || key->mv_size > MDB_MAXKEYSIZE) { return EINVAL; } -- 2.39.5