From cd9aef8f7cabdb09a7b6e6c4884b8e3db41b0962 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Mon, 7 Jun 2021 11:00:18 +0300
Subject: [PATCH] genadb: fix maximum inner adb limit checking
---
 src/adb.h | 3 ++-
 src/adb_walk_genadb.c | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/adb.h b/src/adb.h
index 10b46ac..a6bd121 100644
--- a/src/adb.h
+++ b/src/adb.h
@@ -272,13 +272,14 @@ struct adb_walk_gentext {
 int key_printed : 1;
 };
+#define ADB_WALK_GENADB_MAX_IDB 2
 #define ADB_WALK_GENADB_MAX_NESTING 32
 #define ADB_WALK_GENADB_MAX_VALUES 100000
 struct adb_walk_genadb {
 struct adb_walk d;
 struct adb db;
- struct adb idb[2];
+ struct adb idb[ADB_WALK_GENADB_MAX_IDB];
 int nest, nestdb, num_vals;
 struct adb_obj objs[ADB_WALK_GENADB_MAX_NESTING];
 unsigned int curkey[ADB_WALK_GENADB_MAX_NESTING];
diff --git a/src/adb_walk_genadb.c b/src/adb_walk_genadb.c
index a15aa82..06a3f94 100644
--- a/src/adb_walk_genadb.c
+++ b/src/adb_walk_genadb.c
@@ -43,6 +43,7 @@ static int adb_walk_genadb_start_object(struct adb_walk *d)
 if (*adb_ro_kind(&dt->objs[dt->nest-1], dt->curkey[dt->nest-1]) == ADB_KIND_ADB) {
 struct adb_adb_schema *schema = container_of(&dt->objs[dt->nest-1].schema->kind, struct adb_adb_schema, kind);
+ if (dt->nestdb >= ARRAY_SIZE(dt->idb)) return -E2BIG;
 adb_reset(&dt->idb[dt->nestdb]);
 dt->idb[dt->nestdb].hdr.schema = htole32(schema->schema_id);
 dt->objs[dt->nest].db = &dt->idb[dt->nestdb];
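Review bot: `ADB_WALK_GENADB_MAX_IDB` is added in `src/adb.h` without a comment, so the header does not say what the limit counts or that it is a hard bound on an array that parsed input indexes into. I would add a comment above the define such as `/* max inner ADBs open at once; sizes adb_walk_genadb.idb[], enforced in adb_walk_genadb_start_object() */`. The definition of `struct adb_walk_genadb` continues past the end of this hunk.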
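Review bot: The new early return `if (dt->nestdb >= ARRAY_SIZE(dt->idb)) return -E2BIG;` may leave the walker state half-updated. The surrounding lines already treat `dt->objs[dt->nest]` as the new object and `dt->objs[dt->nest-1]` as its parent, which suggests `dt->nest` was advanced earlier in the function, outside this hunk. If so, confirm that every caller abandons the walk on a negative return, or undo the increment before returning. Separately, `nestdb` is declared `int` in `adb.h`, so this is a signed-versus-unsigned comparison if `ARRAY_SIZE` yields `size_t`; a negative value would still be rejected, but it can trip `-Wsign-compare`. A short comment such as `/* idb[] is fixed-size: refuse deeper inner-ADB nesting rather than index past it */` would record why the guard must stay ahead of `adb_reset()`.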