From 86b9b2cd15ac8fc2cf4dca39ccd3669c4a4ff81a Mon Sep 17 00:00:00 2001
From: Eric Bollengier
Date: Tue, 27 Oct 2015 15:25:37 +0100
Subject: [PATCH] Avoid segfault in dump_block() when the block_len is invalid
---
 bacula/src/stored/block_util.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/bacula/src/stored/block_util.c b/bacula/src/stored/block_util.c
index 86e097d39a..a96d2611a3 100644
--- a/bacula/src/stored/block_util.c
+++ b/bacula/src/stored/block_util.c
@@ -82,8 +82,11 @@ void dump_block(DEV_BLOCK *b, const char *msg)
 rhl = RECHDR1_LENGTH;
 }
 
- if (block_len > 4000000) {
- Dmsg3(20, "!!!Dump block %s 0x%x blocksize too big %u\n", msg, b, block_len);
+ if (block_len > 4000000 || block_len < BLKHDR_CS_LENGTH) {
+ Dmsg3(20, "!!!Dump block %s 0x%x blocksize too %s %u\n",
+ msg, b,
+ (block_len < BLKHDR_CS_LENGTH)?"small":"big",
+ block_len);
 return;
 }
 
@@ -271,8 +274,11 @@ bool unser_block_header(JCR *jcr, DEVICE *dev, DEV_BLOCK *block)
 unser_uint32(BlockNumber);
 unser_bytes(Id, BLKHDR_ID_LENGTH);
 ASSERT(unser_length(block->buf) == BLKHDR1_LENGTH);
-
 Id[BLKHDR_ID_LENGTH] = 0;
+
+ char buf[512];
+ Dmsg3(0, "len=%d block = %s (id=%s)\n", block->block_len, hexdump(block->buf, MIN(block->block_len, 512), buf, sizeof(buf)), Id);
+
 if (Id[3] == '1') {
 bhl = BLKHDR1_LENGTH;
 block->BlockVer = 1;
--
2.39.5
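Review bot: The rewritten `Dmsg3` call in dump_block() now passes four values (`msg`, `b`, the small/big string and `block_len`) for four conversions, one more than the macro's name indicates; if Dmsg3 is fixed-arity this needs to be `Dmsg4(20, ...)`. The retained `0x%x` is still handed the pointer `b`, which does not match the conversion on 64-bit builds and can skew the arguments that follow; `%p` is the standard specifier for it. Separately, the accepted range is bounded above only by the constant 4000000, not by the size of the buffer behind `b`, so a length read from the block header can pass this check and presumably still exceed the data actually held. The code that consumes `block_len` lies outside the hunk, so that last point should be confirmed against the rest of the function.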
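Review bot: The added `char buf[512];` and `Dmsg3(0, ...)` lines in unser_block_header() look like leftover debugging that is unrelated to the commit's stated dump_block() fix. At level 0 the message would presumably be emitted whatever debug level is configured, so up to 512 bytes of every block read would be hex-dumped into the daemon's output, putting backup data into logs and adding work on each header parse. The dump length also comes from `block->block_len`, whose validity at this point is not visible in the hunk, and `buf` can hold far less than a 512-byte hex dump, so the output is truncated at best. I would drop both added lines, or gate the dump behind a high debug level. The function body starts and ends outside the hunk.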