* record (other than to the minimal extent of computing the amount of
* data to read in) until we've checked the CRCs.
*
- * We assume all of the record has been read into memory at *record.
+ * We assume all of the record (that is, xl_tot_len bytes) has been read
+ * into memory at *record. Also, ValidXLogRecordHeader() has accepted the
+ * record's header, which means in particular that xl_tot_len is at least
+ * SizeOfXlogRecord, so it is safe to fetch xl_len.
*/
static bool
RecordIsValid(XLogRecord *record, XLogRecPtr recptr, int emode)
uint32 len = record->xl_len;
BkpBlock bkpb;
char *blk;
- char *recend = (char *) record + record->xl_tot_len;
+ size_t remaining = record->xl_tot_len;
/* First the rmgr data */
- if (XLogRecGetData(record) + len > recend)
+ if (remaining < SizeOfXLogRecord + len)
{
/* ValidXLogRecordHeader() should've caught this already... */
ereport(emode_for_corrupt_record(emode, recptr),
(uint32) (recptr >> 32), (uint32) recptr)));
return false;
}
+ remaining -= SizeOfXLogRecord + len;
INIT_CRC32(crc);
COMP_CRC32(crc, XLogRecGetData(record), len);
if (!(record->xl_info & XLR_SET_BKP_BLOCK(i)))
continue;
- if (blk + sizeof(BkpBlock) > recend)
+ if (remaining < sizeof(BkpBlock))
{
ereport(emode_for_corrupt_record(emode, recptr),
- (errmsg("incorrect backup block size in record at %X/%X",
+ (errmsg("invalid backup block size in record at %X/%X",
(uint32) (recptr >> 32), (uint32) recptr)));
return false;
}
}
blen = sizeof(BkpBlock) + BLCKSZ - bkpb.hole_length;
- if (blk + blen > recend)
+ if (remaining < blen)
{
ereport(emode_for_corrupt_record(emode, recptr),
(errmsg("invalid backup block size in record at %X/%X",
(uint32) (recptr >> 32), (uint32) recptr)));
return false;
}
+ remaining -= blen;
COMP_CRC32(crc, blk, blen);
blk += blen;
}
/* Check that xl_tot_len agrees with our calculation */
- if (blk != (char *) record + record->xl_tot_len)
+ if (remaining != 0)
{
ereport(emode_for_corrupt_record(emode, recptr),
(errmsg("incorrect total length in record at %X/%X",
/*
* If the whole record header is on this page, validate it immediately.
- * Otherwise only do a basic sanity check on xl_tot_len, and validate the
- * rest of the header after reading it from the next page.
+ * Otherwise do just a basic sanity check on xl_tot_len, and validate the
+ * rest of the header after reading it from the next page. The xl_tot_len
+ * check is necessary here to ensure that we enter the "Need to reassemble
+ * record" code path below; otherwise we might fail to apply
+ * ValidXLogRecordHeader at all.
*/
if (targetRecOff <= XLOG_BLCKSZ - SizeOfXLogRecord)
{
projects / postgresql.git / commitdiff