On 13/02/17 13:16, hyc@symas.com wrote:
h.b.furuseth@usit.uio.no wrote:
(...) datacount > UINT_MAX is truncated to unsigned int: data[1].mv_size = 0x100000002 puts 2 items.
datacount * datasize can exceed UINT_MAX, which mdb_page_spill() truncates to unsigned int. Such a massive put() will likely fail anyway, but it should at least try to spill properly first.
We should probably check if mv_size is greater than UINT_MAX and return EINVAL. (Or ERANGE.)
If you mean check for overflow, that doesn't work on 32-bit hosts. We can do a general overflow check (assuming dcount i size_t here)
xdata.mv_size = data[0].mv_size * dcount; if (xdata.mv_size / dcount != data[0].mv_size) return <error>;
or if you want a compile-time max safe dcount on 32-bit, that's EVEN((size_t)-1 / (MAX_PAGESIZE/MDB_MINKEYS))
So - MDB_BAD_VALSIZE or a new MDB_* code: Not EINVAL, that should be reserved for obvious error conditions. And not ERANGE, we should not add new errno.h codes.
-
h.b.furuseth@usit.uio.no