From: Michal Schmidt
Date: Fri, 12 Dec 2014 17:21:55 +0000 (+0100)
Subject: journal: map objects to context set by caller, not by actual object type
X-Git-Tag: v219~1005
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=fed67c38e3;hp=fad5a6c66e73d3df20846906121d52159e1f6bf4

journal: map objects to context set by caller, not by actual object type

When the caller of journal_file_move_to_object() specifies type==0, the
object header is at first mapped in context 0. Then after the header is
checked, the whole object is mapped in a context determined by the actual
object type (which is not even range-checked using type_to_context()).

This looks wrong. It should map in the caller-specified context.

An old comment in sd_journal_enumerate_unique() supports this view:

    /* We do not use the type context here, but 0 instead,
     * so that we can look at this data object at the same
     * time as one on another file */

Clearly the expectation was that the data object will remain mapped in
context 0 without being pushed away by mapping other objects in context
OBJECT_DATA.

I suspect that this was the real bug that got fixed by ae97089d49
"journal: fix access to munmapped memory in sd_journal_enumerate_unique".
In other words, journal_file_object_keep/release are superfluous after
applying this patch.
---
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c index 622eb165e..01b7f89fe 100644 --- a/src/journal/journal-file.c +++ b/src/journal/journal-file.c @@ -445,7 +445,7 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec return -EBADMSG; if (s > sizeof(ObjectHeader)) { - r = journal_file_move_to(f, o->object.type, false, offset, s, &t); + r = journal_file_move_to(f, type_to_context(type), false, offset, s, &t); if (r < 0) return r;
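Review bot: please confirm that type_to_context() maps the caller's type == 0 to context 0 before relying on the changed line `r = journal_file_move_to(f, type_to_context(type), false, offset, s, &t);`, because the commit message says the header is already mapped in context 0 for that case and the whole-object mapping must land in the same context for the sd_journal_enumerate_unique() expectation (data object stays mapped in context 0) to hold; if type_to_context() does not special-case 0, the fix does not achieve what the message describes. Taking the context from the caller's `type` instead of the on-disk `o->object.type`, which the message notes was never range-checked, is the right direction regardless: a value read from the file no longer chooses the mapping context. One loose end: the message states that journal_file_object_keep/release become superfluous with this patch, yet this hunk leaves them in place; either remove them in a follow-up commit or say in the message that their removal is deferred, so the two do not drift apart.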