From ffee47d3262a178706aa01ba7974f86403ad1898 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Thu, 11 Oct 2007 06:45:33 +0000 Subject: [PATCH] Fixed buffer overrun in leaf page merge. --- isamb/isamb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/isamb/isamb.c b/isamb/isamb.c index b62515b..3b4ef25 100644 --- a/isamb/isamb.c +++ b/isamb/isamb.c @@ -1,4 +1,4 @@ -/* $Id: isamb.c,v 1.47.2.8 2006-12-05 21:14:42 adam Exp $ +/* $Id: isamb.c,v 1.47.2.9 2007-10-11 06:45:33 adam Exp $ Copyright (C) 1995,1996,1997,1998,1999,2000,2001,2002,2003,2004 Index Data Aps @@ -620,13 +620,14 @@ int insert_leaf (ISAMB b, struct ISAMB_block **sp1, void *lookahead_item, void *c1 = (*b->method->code_start)(ISAMC_DECODE); void *c2 = (*b->method->code_start)(ISAMC_ENCODE); int more = 1; - int quater = b->file[b->no_cat-1].head.block_max / CAT_MAX; + int quater = b->file[b->no_cat-1].head.block_max / 4; char *cut = dst_buf + quater * 2; char *maxp = dst_buf + b->file[b->no_cat-1].head.block_max; char *half1 = 0; char *half2 = 0; char cut_item_buf[DST_ITEM_MAX]; int cut_item_size = 0; + int inserted_dst_bytes = 0; if (p && p->size) { @@ -640,6 +641,7 @@ int insert_leaf (ISAMB b, struct ISAMB_block **sp1, void *lookahead_item, { char *dst_item = 0; char *lookahead_next; + char *dst_0 = dst; int d = -1; if (lookahead_item) @@ -676,7 +678,8 @@ int insert_leaf (ISAMB b, struct ISAMB_block **sp1, void *lookahead_item, (*b->method->code_item)(ISAMC_ENCODE, c2, &dst, &dst_item); if (d > 0) { - if (dst > maxp) + inserted_dst_bytes += (dst - dst_0); + if (inserted_dst_bytes >= quater) lookahead_item = 0; else { -- 1.7.10.4