Groonga - fulltext search engine.

[Groonga-mysql-commit] mroonga/mroonga at 03b2c17 [master] Add missing length check

Kouhei Sutou null+****@clear*****
Wed Oct 22 23:37:41 JST 2014

• Previous message: [Groonga-mysql-commit] mroonga/mroonga at 6149443 [master] Merge pull request #32 from naoa/support-column-compression-flag
• Next message: [Groonga-mysql-commit] mroonga/mroonga at a697205 [master] Use more meaningful name and description
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kouhei Sutou	2014-10-22 23:37:41 +0900 (Wed, 22 Oct 2014)

  New Revision: 03b2c17d5017006b6f8bb415b4661d6a90e0a1fc
  https://github.com/mroonga/mroonga/commit/03b2c17d5017006b6f8bb415b4661d6a90e0a1fc

  Message:
    Add missing length check
    
    It may cause SEGV.

  Modified files:
    ha_mroonga.cpp

  Modified: ha_mroonga.cpp (+6 -4)
===================================================================
--- ha_mroonga.cpp    2014-10-22 23:21:27 +0900 (7d1dcc6)
+++ ha_mroonga.cpp    2014-10-22 23:37:41 +0900 (a85f9bd)
@@ -1212,17 +1212,19 @@ grn_obj_flags mrn_parse_grn_column_create_flags(grn_ctx *ctx,
   }
 
   while (flag_names < flag_names_end) {
+    uint rest_length = flag_names_end - flag_names;
+
     if (*flag_names == '|' || *flag_names == ' ') {
       flag_names += 1;
       continue;
     }
-    if (!memcmp(flag_names, "COLUMN_SCALAR", 13)) {
+    if (rest_length >= 13 && !memcmp(flag_names, "COLUMN_SCALAR", 13)) {
       flags |= GRN_OBJ_COLUMN_SCALAR;
       flag_names += 13;
-    } else if (!memcmp(flag_names, "COLUMN_VECTOR", 13)) {
+    } else if (rest_length >= 13 && !memcmp(flag_names, "COLUMN_VECTOR", 13)) {
       flags |= GRN_OBJ_COLUMN_VECTOR;
       flag_names += 13;
-    } else if (!memcmp(flag_names, "COMPRESS_ZLIB", 13)) {
+    } else if (rest_length >= 13 && !memcmp(flag_names, "COMPRESS_ZLIB", 13)) {
       if (is_zlib_support) {
         flags |= GRN_OBJ_COMPRESS_ZLIB;
       } else {
@@ -1231,7 +1233,7 @@ grn_obj_flags mrn_parse_grn_column_create_flags(grn_ctx *ctx,
                 "<COMPRESS_ZLIB> flag is ignored.");
       }
       flag_names += 13;
-    } else if (!memcmp(flag_names, "COMPRESS_LZ4", 12)) {
+    } else if (rest_length >= 12 && !memcmp(flag_names, "COMPRESS_LZ4", 12)) {
       if (is_lz4_support) {
         flags |= GRN_OBJ_COMPRESS_LZ4;
       } else {
-------------- next part --------------
HTML����������������������������...
다운로드 

• Previous message: [Groonga-mysql-commit] mroonga/mroonga at 6149443 [master] Merge pull request #32 from naoa/support-column-compression-flag
• Next message: [Groonga-mysql-commit] mroonga/mroonga at a697205 [master] Use more meaningful name and description
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]