From 14d43d27e83ebae73794f422ee27e89d2a0a037e Mon Sep 17 00:00:00 2001
From: Martin Mares <mj@ucw.cz>
Date: Wed, 5 Mar 2003 18:09:05 +0000
Subject: [PATCH] Fixed bug in bucket shakedown code: it crashed with a
 mysterious error message ("Unexpected EOF") when there was a bucket larger
 than the shakedown buffer and this included even deleted buckets (which was
 the cause of the latest crash on sherlock5: shakedown on a corrupted database
 patched the corruption by a large deleted bucket and when I ran it again, it
 crashed again due to this bucket).

Now we are able to cope with deleted buckets of any size and when we
encounter an oversized non-deleted bucket, we bail out with a proper
error message.
---
 lib/bucket.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/bucket.c b/lib/bucket.c
index c9fecd21..7c7b6f61 100644
--- a/lib/bucket.c
+++ b/lib/bucket.c
@@ -423,6 +423,18 @@ obuck_shakedown(int (*kibitz)(struct obuck_header *old, oid_t new, byte *buck))
 	  goto broken;
 	}
       l = (sizeof(struct obuck_header) + rhdr->length + 4 + OBUCK_ALIGN - 1) & ~(OBUCK_ALIGN-1);
+      if (l > obuck_shake_buflen)
+	{
+	  if (rhdr->oid != OBUCK_OID_DELETED)
+	    {
+	      msg = "bucket longer than ShakeBufSize";
+	      goto broken;
+	    }
+	  rstart = bucket_start + l;
+	  roff = 0;
+	  rsize = 0;
+	  goto reread;
+	}
       if (rsize - roff < l)
 	goto reread;
       if (GET_U32(rbuf + roff + l - 4) != OBUCK_TRAILER)
@@ -494,7 +506,7 @@ obuck_shakedown(int (*kibitz)(struct obuck_header *old, oid_t new, byte *buck))
   return;
 
  broken:
-  log(L_ERROR, "Error during object pool shakedown: %s (pos=%Ld), gathering debris", msg, (long long) bucket_start);
+  log(L_ERROR, "Error during object pool shakedown: %s (pos=%Ld, id=%x), gathering debris", msg, (long long) bucket_start, (uns)(bucket_start >> OBUCK_SHIFT));
   if (woff)
     {
       sh_pwrite(obuck_fd, wbuf, woff, wstart);
-- 
2.39.2