[Pkg-gnupg-commit] [gnupg2] 13/112: g10: Fix crash.

[Daniel Kahn Gillmor]

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 1af2fd44f0a66fd0d94c224319db0b128d42a288
Author: Justus Winter <justus at g10code.com>
Date:   Thu Jul 21 11:49:33 2016 +0200

    g10: Fix crash.
    
    * g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
    cache limit.  Previously, this would crash if db_cache_count == count.
    
    Reported-by: Ben Kibbey <bjk at luxsci.net>
    Signed-off-by: Justus Winter <justus at g10code.com>
---
 g10/tofu.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/g10/tofu.c b/g10/tofu.c
index 471aec6..0b9d848 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1104,8 +1104,14 @@ tofu_closedbs (ctrl_t ctrl)
              is easy to skip the first COUNT entries since we still
              have a handle on the old head.  */
           int skip = DB_CACHE_ENTRIES - count;
-          while (-- skip > 0)
-            old_head = old_head->next;
+          if (skip < 0)
+            for (old_head = db_cache, skip = DB_CACHE_ENTRIES;
+                 skip > 0;
+                 old_head = old_head->next, skip--)
+              { /* Do nothing.  */ }
+          else
+            while (-- skip > 0)
+              old_head = old_head->next;
 
           *old_head->prevp = NULL;
 
@@ -1116,6 +1122,8 @@ tofu_closedbs (ctrl_t ctrl)
               old_head = db;
               db_cache_count --;
             }
+
+          log_assert (db_cache_count == DB_CACHE_ENTRIES);
         }
     }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git