Skip to content

Commit 2573f14

Browse files
AlexPeshkoffAlexPeshkoff
committed
Backported CORE-6528: Connect to database that contains broken pages can lead to FB crash
1 parent 8b43c7b commit 2573f14

1 file changed

Lines changed: 30 additions & 1 deletion

File tree

src/jrd/btr.cpp

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4062,7 +4062,36 @@ static index_root_page* fetch_root(thread_db* tdbb, WIN* window, const jrd_rel*
40624062
window->win_page = relPages->rel_index_root;
40634063
}
40644064

4065-
return (index_root_page*) CCH_FETCH(tdbb, window, LCK_read, pag_root);
4065+
index_root_page* irp = (index_root_page*) CCH_FETCH(tdbb, window, LCK_read, pag_root);
4066+
if (irp)
4067+
{
4068+
// check RPT size correctness
4069+
FB_UINT64 rptSize = sizeof(index_root_page) - sizeof(index_root_page::irt_repeat);
4070+
rptSize += FB_UINT64(irp->irt_count) * sizeof(index_root_page::irt_repeat);
4071+
if (rptSize > tdbb->getDatabase()->dbb_page_size)
4072+
{
4073+
CCH_RELEASE(tdbb, window);
4074+
(Arg::Gds(isc_random) << "Bad index root page: too many indices").raise();
4075+
}
4076+
4077+
// check keys location on page
4078+
for (USHORT i = 0; i < irp->irt_count; ++i)
4079+
{
4080+
index_root_page::irt_repeat* irt = &irp->irt_rpt[i];
4081+
if (!irt->getRoot())
4082+
continue;
4083+
4084+
FB_UINT64 descEnd = irt->irt_desc;
4085+
descEnd += FB_UINT64(irt->irt_keys) * sizeof(irtd);
4086+
if (descEnd > tdbb->getDatabase()->dbb_page_size)
4087+
{
4088+
CCH_RELEASE(tdbb, window);
4089+
(Arg::Gds(isc_random) << "Bad index root page: keys run out of page").raise();
4090+
}
4091+
}
4092+
}
4093+
4094+
return irp;
40664095
}
40674096

40684097

0 commit comments

Comments
 (0)