Skip to content

Commit 3c99c75

Browse files
AlexPeshkoffAlexPeshkoff
committed
Fixed CORE-6528: Connect to database that contains broken pages can lead to FB crash
1 parent 4f3c9f6 commit 3c99c75

1 file changed

Lines changed: 30 additions & 1 deletion

File tree

src/jrd/btr.cpp

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4119,7 +4119,36 @@ static index_root_page* fetch_root(thread_db* tdbb, WIN* window, const jrd_rel*
41194119
window->win_page = relPages->rel_index_root;
41204120
}
41214121

4122-
return (index_root_page*) CCH_FETCH(tdbb, window, LCK_read, pag_root);
4122+
index_root_page* irp = (index_root_page*) CCH_FETCH(tdbb, window, LCK_read, pag_root);
4123+
if (irp)
4124+
{
4125+
// check RPT size correctness
4126+
FB_UINT64 rptSize = sizeof(index_root_page) - sizeof(index_root_page::irt_repeat);
4127+
rptSize += FB_UINT64(irp->irt_count) * sizeof(index_root_page::irt_repeat);
4128+
if (rptSize > tdbb->getDatabase()->dbb_page_size)
4129+
{
4130+
CCH_RELEASE(tdbb, window);
4131+
(Arg::Gds(isc_random) << "Bad index root page: too many indices").raise();
4132+
}
4133+
4134+
// check keys location on page
4135+
for (USHORT i = 0; i < irp->irt_count; ++i)
4136+
{
4137+
index_root_page::irt_repeat* irt = &irp->irt_rpt[i];
4138+
if (!irt->getRoot())
4139+
continue;
4140+
4141+
FB_UINT64 descEnd = irt->irt_desc;
4142+
descEnd += FB_UINT64(irt->irt_keys) * sizeof(irtd);
4143+
if (descEnd > tdbb->getDatabase()->dbb_page_size)
4144+
{
4145+
CCH_RELEASE(tdbb, window);
4146+
(Arg::Gds(isc_random) << "Bad index root page: keys run out of page").raise();
4147+
}
4148+
}
4149+
}
4150+
4151+
return irp;
41234152
}
41244153

41254154

0 commit comments

Comments
 (0)