On 13/02/17 13:16, hyc(a)symas.com wrote:
> h.b.furuseth(a)usit.uio.no wrote:
>> (...)
>> datacount > UINT_MAX is truncated to unsigned int:
>> data[1].mv_size = 0x100000002 puts 2 items.
>
>> datacount * datasize can exceed UINT_MAX, which mdb_page_spill()
>> truncates to unsigned int. Such a massive put() will likely
>> fail anyway, but it should at least try to spill properly first.
>
> We should probably check if mv_size is greater than UINT_MAX and return
> EINVAL. (Or ERANGE.)
If you mean check for overflow, that doesn't work on 32-bit hosts.
We can do a general overflow check (assuming dcount i size_t here)
xdata.mv_size = data[0].mv_size * dcount;
if (xdata.mv_size / dcount != data[0].mv_size)
return <error>;
or if you want a compile-time max safe dcount on 32-bit, that's
EVEN((size_t)-1 / (MAX_PAGESIZE/MDB_MINKEYS))
So - MDB_BAD_VALSIZE or a new MDB_* code:
Not EINVAL, that should be reserved for obvious error conditions.
And not ERANGE, we should not add new errno.h codes.