Fixed bug in bucket shakedown code: it crashed with a mysterious error message

("Unexpected EOF") when there was a bucket larger than the shakedown buffer
and this included even deleted buckets (which was the cause of the latest crash
on sherlock5: shakedown on a corrupted database patched the corruption by
a large deleted bucket and when I ran it again, it crashed again due to this
bucket).

Now we are able to cope with deleted buckets of any size and when we
encounter an oversized non-deleted bucket, we bail out with a proper
error message.

diff --git a/lib/bucket.c b/lib/bucket.c
index c9fecd218d5dd10a22ac85c2be4db85cd7e566af..7c7b6f61a7bf05b65bcf0e925d406144fe8d0ba8 100644 (file)
--- a/lib/bucket.c
+++ b/lib/bucket.c
@@ -423,6 +423,18 @@ obuck_shakedown(int (*kibitz)(struct obuck_header *old, oid_t new, byte *buck))
          goto broken;
        }
       l = (sizeof(struct obuck_header) + rhdr->length + 4 + OBUCK_ALIGN - 1) & ~(OBUCK_ALIGN-1);
+      if (l > obuck_shake_buflen)
+       {
+         if (rhdr->oid != OBUCK_OID_DELETED)
+           {
+             msg = "bucket longer than ShakeBufSize";
+             goto broken;
+           }
+         rstart = bucket_start + l;
+         roff = 0;
+         rsize = 0;
+         goto reread;
+       }
       if (rsize - roff < l)
        goto reread;
       if (GET_U32(rbuf + roff + l - 4) != OBUCK_TRAILER)
@@ -494,7 +506,7 @@ obuck_shakedown(int (*kibitz)(struct obuck_header *old, oid_t new, byte *buck))
   return;
 
  broken:
-  log(L_ERROR, "Error during object pool shakedown: %s (pos=%Ld), gathering debris", msg, (long long) bucket_start);
+  log(L_ERROR, "Error during object pool shakedown: %s (pos=%Ld, id=%x), gathering debris", msg, (long long) bucket_start, (uns)(bucket_start >> OBUCK_SHIFT));
   if (woff)
     {
       sh_pwrite(obuck_fd, wbuf, woff, wstart);