From be9a60a338fd8591918711f5e826012a0d83136e Mon Sep 17 00:00:00 2001 From: Pang Yan Han Date: Tue, 8 Feb 2011 06:59:04 +0800 Subject: Handle null pkgcache for local/sync db_populate() In sync_db_populate() and local_db_populate(), a NULL db->pkgcache is not caught, allowing the functions to continue instead of exiting. A later alpm_list_msort() call which uses alpm_list_nth() will thus traverse invalid pointers in a non-existent db->pkgcache->list. pm_errno is set to PM_ERR_MEMORY as _alpm_pkghash_create() will only return NULL when we run out of memory / exceed max hash table size. The local/sync db_populate() functions are also exited. Signed-off-by: Pang Yan Han Signed-off-by: Dan McGee --- lib/libalpm/be_local.c | 4 ++++ lib/libalpm/be_sync.c | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/libalpm/be_local.c b/lib/libalpm/be_local.c index c5b24982..58582705 100644 --- a/lib/libalpm/be_local.c +++ b/lib/libalpm/be_local.c @@ -393,6 +393,10 @@ static int local_db_populate(pmdb_t *db) /* initialize hash at 50% full */ db->pkgcache = _alpm_pkghash_create(est_count * 2); + if(db->pkgcache == NULL){ + closedir(dbdir); + RET_ERR(PM_ERR_MEMORY, -1); + } while((ent = readdir(dbdir)) != NULL) { const char *name = ent->d_name; diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 4ad045c2..4e9b4d31 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -234,6 +234,9 @@ static int sync_db_populate(pmdb_t *db) /* initialize hash at 66% full */ db->pkgcache = _alpm_pkghash_create(est_count * 3 / 2); + if(db->pkgcache == NULL) { + RET_ERR(PM_ERR_MEMORY, -1); + } while(archive_read_next_header(archive, &entry) == ARCHIVE_OK) { const struct stat *st; @@ -348,6 +351,9 @@ static int sync_db_read(pmdb_t *db, struct archive *archive, if(likely_pkg && strcmp(likely_pkg->name, pkgname) == 0) { pkg = likely_pkg; } else { + if(db->pkgcache == NULL) { + RET_ERR(PM_ERR_MEMORY, -1); + } pkg = _alpm_pkghash_find(db->pkgcache, pkgname); } if(pkg == NULL) { @@ -459,10 +465,10 @@ pmdb_t *_alpm_db_register_sync(const char *treename) _alpm_log(PM_LOG_DEBUG, "registering sync database '%s'\n", treename); db = _alpm_db_new(treename, 0); - db->ops = &sync_db_ops; if(db == NULL) { RET_ERR(PM_ERR_DB_CREATE, NULL); } + db->ops = &sync_db_ops; handle->dbs_sync = alpm_list_add(handle->dbs_sync, db); return(db); -- cgit v1.2.3-70-g09d2