From 4cb473562e4602ce92c331631b491c910dea536c Mon Sep 17 00:00:00 2001
From: Michael Hohmuth
Date: Thu, 4 Aug 2011 10:21:40 +0000
Subject: [PATCH] Database: Fix memory-area bounds checking during database reload. Check free space before reading new data from disk, and do not forget to account for the RAM-cache header.
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@30246 a1c6a512-1295-4272-9138-f99709370657
---
 apps/tagcache.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/apps/tagcache.c b/apps/tagcache.c
index c6a08fea4f..7f33db7cf5 100644
--- a/apps/tagcache.c
+++ b/apps/tagcache.c
@@ -3905,7 +3905,7 @@ static bool load_tagcache(void)
 {
 struct tagcache_header *tch;
 struct master_header tcmh;
- long bytesleft = tc_stat.ramcache_allocated;
+ long bytesleft = tc_stat.ramcache_allocated - sizeof(struct ramcache_header);
 struct index_entry *idx;
 int rc, fd;
 char *p;
@@ -3943,6 +3943,14 @@ static bool load_tagcache(void)
 /* Load the master index table. */
 for (i = 0; i < tcmh.tch.entry_count; i++)
 {
+ bytesleft -= sizeof(struct index_entry);
+ if (bytesleft < 0)
+ {
+ logf("too big tagcache.");
+ close(fd);
+ return false;
+ }
+
 /* DEBUG: After tagcache commit and dircache rebuild, hdr-sturcture
 * may become corrupt. */
 rc = ecread_index_entry(fd, idx);
@@ -3953,15 +3961,6 @@ static bool load_tagcache(void)
 return false;
 }
- bytesleft -= sizeof(struct index_entry);
- if (bytesleft < 0 ||
- ((long)idx - (long)ramcache_hdr->indices) >= tc_stat.ramcache_allocated)
- {
- logf("too big tagcache.");
- close(fd);
- return false;
- }
-
 idx++;
 }
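Review bot: The new initializer in the first hunk, `long bytesleft = tc_stat.ramcache_allocated - sizeof(struct ramcache_header);`, mixes a signed count with a `size_t`, so on the usual targets the subtraction is done in an unsigned type. If the allocation were ever smaller than the header, the result wraps, and turning it back into a negative `long` is implementation-defined, which is what the later `bytesleft < 0` guard depends on. Casting the size keeps the arithmetic signed: `long bytesleft = tc_stat.ramcache_allocated - (long)sizeof(struct ramcache_header);`. The same applies to `bytesleft -= sizeof(struct index_entry);` in the second hunk. The type of `ramcache_allocated` is declared outside the hunk, and load_tagcache's body continues beyond it.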
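Review bot: The guard added at the top of the loop body in the second hunk has no comment saying that its position before `ecread_index_entry(fd, idx)` is what keeps the read inside the RAM-cache allocation. The loop bound `tcmh.tch.entry_count` appears to come from the master header read from the database file, so a later edit that moves the check back below the read would again allow a write past the buffer. I would add `/* Reserve room for this entry before ecread_index_entry() writes through idx. */` above `bytesleft -= sizeof(struct index_entry);`. The loop begins and ends outside this hunk, so any other use of `bytesleft` cannot be checked from here.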