aft: Avoid invalid read.
diff --git a/aft.c b/aft.c
index c04d4f9c99e89afb451afe94be7fcc64461b15e1..e370eaad80cdfadc9dbd62b357442e200945934e 100644 (file)
--- a/aft.c
+++ b/aft.c
@@ -407,7 +407,7 @@ static void load_chunk_table(struct afh_info *afhi, const struct osl_object *ct)
        int i;
        size_t sz;
 
-       if (!ct->data || ct->size < 4) {
+       if (!ct->data || ct->size < 4 * (afhi->chunks_total + 1)) {
                afhi->chunk_table = NULL;
                return;
        }
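Review bot: The new bound `4 * (afhi->chunks_total + 1)` can wrap if chunks_total is a fixed-width unsigned (it looks like a 32-bit count read from the database, though its type is not visible here), and a wrapped product would make a too-small object pass the check and re-open the invalid read this commit is fixing. Keeping the original `< 4` guard and dividing instead of multiplying avoids the overflow for any width: `if (!ct->data || ct->size < 4 || (ct->size - 4) / 4 < afhi->chunks_total) {`. The subtraction is safe because the size was just checked to be at least 4. load_chunk_table() begins before this hunk, so the declaration of chunks_total and the loop that consumes the table are outside it.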
@@ -1035,17 +1035,33 @@ int open_and_update_audio_file(struct audio_file_data *afd)
        struct afsi_change_event_data aced;
        struct osl_object map, chunk_table_obj;
        struct ls_data *d = &status_item_ls_data;
+       unsigned char *tmp_hash;
 again:
        ret = score_get_best(&current_aft_row, &d->score);
        if (ret < 0)
                return ret;
-       ret = get_hash_of_row(current_aft_row, &d->hash);
+       /*
+        * get_hash_of_row() and get_audio_file_path_of_row() initialize
+        * their pointer argument to point to memory-mapped files. These pointers
+        * become stale after a new audio file has been added or after the
+        * server process received SIGHUP. For in both cases libosl unmaps and
+        * remaps the underlying database files, and this remapping may well
+        * change the starting address of the mapping. To avoid stale pointer
+        * references we create copies on the heap.
+        */
+       ret = get_hash_of_row(current_aft_row, &tmp_hash);
        if (ret < 0)
                return ret;
+       if (!d->hash)
+               d->hash = para_malloc(HASH_SIZE);
+       memcpy(d->hash, tmp_hash, HASH_SIZE);
+       free(d->path);
        ret = get_audio_file_path_of_row(current_aft_row, &d->path);
        if (ret < 0)
                return ret;
        PARA_NOTICE_LOG("%s\n", d->path);
+       d->path = para_strdup(d->path);
+
        ret = get_afsi_object_of_row(current_aft_row, &afsi_obj);
        if (ret < 0)
                return ret;
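Review bot: `free(d->path)` runs before `get_audio_file_path_of_row()` is called, so if that lookup fails and (as its hash-lookup sibling appears to) leaves the output pointer untouched, the function returns with `d->path` still pointing at freed memory; the next `free(status_item_ls_data.path)` in aft_event_handler (later in this commit) would then be a double free. The minimal fix is to null the pointer right after releasing it: `free(d->path);` / `d->path = NULL;`. Cleaner still would be to mirror the `tmp_hash` pattern used a few lines above — look the path up into a local, then `free(d->path); d->path = para_strdup(tmp_path);` — so `d->path` only ever holds a heap copy or NULL. The function continues past the end of this hunk.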
@@ -2518,10 +2534,12 @@ static int aft_open(const char *dir)
                PARA_NOTICE_LOG("current audio file hash lookup: success\n");
                return 1;
        }
-       PARA_NOTICE_LOG("failed to open audio file table\n");
        audio_file_table = NULL;
-       if (ret == -OSL_ERRNO_TO_PARA_ERROR(E_OSL_NOENT))
+       if (ret == -OSL_ERRNO_TO_PARA_ERROR(E_OSL_NOENT)) {
+               PARA_WARNING_LOG("no audio file table\n");
                return 1;
+       }
+       PARA_NOTICE_LOG("failed to open audio file table\n");
        return ret;
 }
 
@@ -2579,7 +2597,8 @@ static int aft_event_handler(enum afs_events event, struct para_buffer *pb,
                ret = get_audio_file_path_of_row(current_aft_row, &path);
                if (ret < 0)
                        return ret;
-               status_item_ls_data.path = path;
+               free(status_item_ls_data.path);
+               status_item_ls_data.path = para_strdup(path);
                make_status_items();
                return 1;
        } case AFHI_CHANGE: {
@@ -2603,6 +2622,10 @@ static int aft_event_handler(enum afs_events event, struct para_buffer *pb,
                 * current status items are affected and simply recreate them
                 * every time.
                 */
+               ret = get_afhi_of_row(current_aft_row,
+                       &status_item_ls_data.afhi);
+               if (ret < 0)
+                       return ret;
                make_status_items();
                return 0;
        } default:
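Review bot: `get_afhi_of_row()` overwrites `status_item_ls_data.afhi` in place, and the first hunk shows that loading an afhi assigns `afhi->chunk_table`; if that field is a heap allocation (load_chunk_table() presumably allocates it — not visible here), every AFHI_CHANGE event leaks the previous chunk table. Release the old afhi's heap members before the call, e.g. `free(status_item_ls_data.afhi.chunk_table);` (or the project's existing afhi cleanup helper if one covers other heap fields too), and note in a comment that the struct owns that memory. The early `return ret` on failure also leaves `status_item_ls_data.afhi` partially updated, which is worth a one-line comment stating that the status items are then stale until the next event. aft_event_handler() begins and ends outside this hunk.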