* mpool/mpool.c (mpool_get, mpool_write): Check that the offset calculation

didn't overflow. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16495 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2004-06-19 00:28:06 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2004-06-19 00:28:06 +0000
commit: c550ff5b95f8e659f091109cc33e185197ee0b87 (patch)
tree: 89f6021bffb5102b34aa215fce659e6932769bf3 /src/util/db2/mpool
parent: 4cb2c85fc7410b3e4a8559386fd17a51832caf12 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/src/util/db2/mpool/mpool.c b/src/util/db2/mpool/mpool.c
index 12e557d03..d172f71ba 100644
--- a/src/util/db2/mpool/mpool.c
+++ b/src/util/db2/mpool/mpool.c
@@ -227,6 +227,12 @@ mpool_get(mp, pgno, flags)
 	++mp->pageread;
 #endif
 	off = mp->pagesize * pgno;
+	if (off / mp->pagesize != pgno) {
+	    /* Run past the end of the file, or at least the part we
+	       can address without large-file support?  */
+	    errno = E2BIG;
+	    return NULL;
+	}
 	if (lseek(mp->fd, off, SEEK_SET) != off)
 		return (NULL);
 
@@ -416,6 +422,12 @@ mpool_write(mp, bp)
 		(mp->pgout)(mp->pgcookie, bp->pgno, bp->page);
 
 	off = mp->pagesize * bp->pgno;
+	if (off / mp->pagesize != bp->pgno) {
+	    /* Run past the end of the file, or at least the part we
+	       can address without large-file support?  */
+	    errno = E2BIG;
+	    return RET_ERROR;
+	}
 	if (lseek(mp->fd, off, SEEK_SET) != off)
 		return (RET_ERROR);
 	if (write(mp->fd, bp->page, mp->pagesize) != mp->pagesize)
author	Ken Raeburn <raeburn@mit.edu>	2004-06-19 00:28:06 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2004-06-19 00:28:06 +0000
commit	c550ff5b95f8e659f091109cc33e185197ee0b87 (patch)
tree	89f6021bffb5102b34aa215fce659e6932769bf3 /src/util/db2/mpool
parent	4cb2c85fc7410b3e4a8559386fd17a51832caf12 (diff)