1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-26 01:52:45 +02:00

g10: Fix crash.

* g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
cache limit.  Previously, this would crash if db_cache_count == count.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2016-07-21 11:49:33 +02:00
parent 1598a44764
commit 1af2fd44f0

View File

@ -1104,8 +1104,14 @@ tofu_closedbs (ctrl_t ctrl)
is easy to skip the first COUNT entries since we still is easy to skip the first COUNT entries since we still
have a handle on the old head. */ have a handle on the old head. */
int skip = DB_CACHE_ENTRIES - count; int skip = DB_CACHE_ENTRIES - count;
while (-- skip > 0) if (skip < 0)
old_head = old_head->next; for (old_head = db_cache, skip = DB_CACHE_ENTRIES;
skip > 0;
old_head = old_head->next, skip--)
{ /* Do nothing. */ }
else
while (-- skip > 0)
old_head = old_head->next;
*old_head->prevp = NULL; *old_head->prevp = NULL;
@ -1116,6 +1122,8 @@ tofu_closedbs (ctrl_t ctrl)
old_head = db; old_head = db;
db_cache_count --; db_cache_count --;
} }
log_assert (db_cache_count == DB_CACHE_ENTRIES);
} }
} }