diff options
author | Tom Yu <tlyu@mit.edu> | 2016-09-07 17:28:34 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-09-09 17:10:23 -0400 |
commit | 95f4a7da460a2b72c60070f291b7dfbdafd0356c (patch) | |
tree | eec7ae972882b154523d07f0ead89a7dcb339d61 | |
parent | 4cbecf8e288513f7e4ac1f11a5c22b5569a82b47 (diff) | |
download | krb5-95f4a7da460a2b72c60070f291b7dfbdafd0356c.zip krb5-95f4a7da460a2b72c60070f291b7dfbdafd0356c.tar.gz krb5-95f4a7da460a2b72c60070f291b7dfbdafd0356c.tar.bz2 |
Fix unaligned accesses in bt_split.c
In the libdb2 btree back end, splitting a page at an overflow key
could result in an unaligned access, causing a crash (and data
corruption) on platforms with strict alignment. This probably occurs
only rarely in practice.
(cherry picked from commit 537aba0dda3a1f696f10fde56348fde06d88939c)
ticket: 8493
version_fixed: 1.13.7
-rw-r--r-- | src/plugins/kdb/db2/libdb2/btree/bt_split.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_split.c b/src/plugins/kdb/db2/libdb2/btree/bt_split.c index 2460aa5..c5f151d 100644 --- a/src/plugins/kdb/db2/libdb2/btree/bt_split.c +++ b/src/plugins/kdb/db2/libdb2/btree/bt_split.c @@ -245,9 +245,12 @@ __bt_split(t, sp, key, data, flags, ilen, argskip) WR_BINTERNAL(dest, nksize ? nksize : bl->ksize, rchild->pgno, bl->flags & P_BIGKEY); memmove(dest, bl->bytes, nksize ? nksize : bl->ksize); - if (bl->flags & P_BIGKEY && - bt_preserve(t, *(db_pgno_t *)bl->bytes) == RET_ERROR) - goto err1; + if (bl->flags & P_BIGKEY) { + db_pgno_t pgno; + memcpy(&pgno, bl->bytes, sizeof(pgno)); + if (bt_preserve(t, pgno) == RET_ERROR) + goto err1; + } break; case P_RINTERNAL: /* @@ -568,9 +571,12 @@ bt_broot(t, h, l, r) * If the key is on an overflow page, mark the overflow chain * so it isn't deleted when the leaf copy of the key is deleted. */ - if (bl->flags & P_BIGKEY && - bt_preserve(t, *(db_pgno_t *)bl->bytes) == RET_ERROR) - return (RET_ERROR); + if (bl->flags & P_BIGKEY) { + db_pgno_t pgno; + memcpy(&pgno, bl->bytes, sizeof(pgno)); + if (bt_preserve(t, pgno) == RET_ERROR) + return (RET_ERROR); + } break; case P_BINTERNAL: bi = GETBINTERNAL(r, 0); |