buffindexed segfaults on broken overviews...

Dan Merillat harik at chaos.ao.net
Wed Jan 3 04:14:20 UTC 2001

If low is more then high (Possible if binary corruption occurs on a crash)
ovgroupmmap returns TRUE without ever allocating Gib... and, since it
returns true the whole thing segfaults because it assumes Gib exists.

There's such a mix of return TRUE/FALSE in this function I'm not sure
what it all means.  Katsuhiro, can you explain it and I'll send a patch
to document it better?

I THINK, (but am not sure), that the way it's supposed to work is that
all those return TRUEs need to be FALSE, and only return true on sucess.

Anyway, this stops nnrpd from segfaulting on a few broken groups, but can
still process valid articles in those groups.


Index: buffindexed.c
RCS file: /home/cvs/inn/storage/buffindexed/buffindexed.c,v
retrieving revision 1.52
diff -p -u -r1.52 buffindexed.c
--- buffindexed.c       2000/11/22 08:43:49     1.52
+++ buffindexed.c       2001/01/03 04:03:39
@@ -1505,7 +1505,7 @@ static bool ovgroupmmap(GROUPENTRY *ge, 
   GIBLIST              *giblist;
	    if (high - low < 0)
		 -    return TRUE;
		 +    return FALSE;
		    Gibcount = ge->count;
			    if (Gibcount == 0)
				      return TRUE;

More information about the inn-workers mailing list