Merge tag '1.9.0' into ubuntu-ppa

.github/workflows/codeql-analysis.yml

@@ -2,6 +2,8 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches-ignore:
+      - 'dependabot/**'
   pull_request:
   schedule:
     - cron: '0 7 * * 2'
@@ -27,7 +29,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
 
     - run: sudo apt install libipc-run3-perl libipc-system-simple-perl libfile-slurp-perl libfile-which-perl pandoc
     - run: |
@@ -37,4 +39,4 @@ jobs:
             make safedist
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required (VERSION 3.9)
 
 project(maxminddb
   LANGUAGES C
-  VERSION 1.8.0
+  VERSION 1.9.0
 )
 set(MAXMINDDB_SOVERSION 0.0.7)
 set(CMAKE_C_STANDARD 99)
@@ -37,8 +37,8 @@ if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
   set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 endif()
 
-configure_file(${PROJECT_SOURCE_DIR}/include/maxminddb_config.h.cmake.in 
-               ${PROJECT_SOURCE_DIR}/include/maxminddb_config.h)
+configure_file(${PROJECT_SOURCE_DIR}/include/maxminddb_config.h.cmake.in
+          ${CMAKE_CURRENT_BINARY_DIR}/generated/maxminddb_config.h)
 
 add_library(maxminddb
   src/maxminddb.c
@@ -79,12 +79,14 @@ endif()
 target_include_directories(maxminddb PUBLIC
   $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}>
   $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include>
+  $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/generated/>
   $<INSTALL_INTERFACE:include>
+  $<INSTALL_INTERFACE:generated>
 )
 
 set(MAXMINDB_HEADERS
   include/maxminddb.h
-  include/maxminddb_config.h
+  ${CMAKE_CURRENT_BINARY_DIR}/generated/maxminddb_config.h
 )
 set_target_properties(maxminddb PROPERTIES PUBLIC_HEADER "${MAXMINDB_HEADERS}")
 

Changes.md

@@ -1,3 +1,13 @@
+## 1.9.0 - 2024-01-09
+
+* On very large databases, the calculation to determine the search tree
+  size could overflow. This was fixed and several additional guards
+  against overflows were added. Reported by Sami Salonen. GitHub #335.
+* Removed `sa_family_t` typedef from the public header on Windows. Pull
+  request by Noah Treuhaft. GitHub #334.
+* The CMake build was adjusted to allow running builds in parallel.
+  Pull request by Vladyslav Miachkov. GitHub #332.
+
 ## 1.8.0 - 2023-11-07
 
 * `PACKAGE_VERSION` is now a private compile definition when building

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.63])
-AC_INIT([libmaxminddb], [1.8.0], [[email protected]])
+AC_INIT([libmaxminddb], [1.9.0], [[email protected]])
 AC_CONFIG_SRCDIR([include/maxminddb.h])
 AC_CONFIG_HEADERS([config.h include/maxminddb_config.h])
 

include/maxminddb.h

@@ -17,8 +17,6 @@ extern "C" {
 #include <ws2tcpip.h>
 /* libmaxminddb package version from configure */
 
-typedef ADDRESS_FAMILY sa_family_t;
-
 #if defined(_MSC_VER)
 /* MSVC doesn't define signed size_t, copy it from configure */
 #define ssize_t SSIZE_T

src/data-pool.c

@@ -9,8 +9,6 @@
 #include <stddef.h>
 #include <stdlib.h>
 
-static bool can_multiply(size_t const, size_t const, size_t const);
-
 // Allocate an MMDB_data_pool_s. It initially has space for size
 // MMDB_entry_data_list_s structs.
 MMDB_data_pool_s *data_pool_new(size_t const size) {
@@ -43,7 +41,7 @@ MMDB_data_pool_s *data_pool_new(size_t const size) {
 // the given max. max will typically be SIZE_MAX.
 //
 // We want to know if we'll wrap around.
-static bool can_multiply(size_t const max, size_t const m, size_t const n) {
+bool can_multiply(size_t const max, size_t const m, size_t const n) {
     if (m == 0) {
         return false;
     }

src/data-pool.h

@@ -44,6 +44,7 @@ typedef struct MMDB_data_pool_s {
     MMDB_entry_data_list_s *blocks[DATA_POOL_NUM_BLOCKS];
 } MMDB_data_pool_s;
 
+bool can_multiply(size_t const, size_t const, size_t const);
 MMDB_data_pool_s *data_pool_new(size_t const);
 void data_pool_destroy(MMDB_data_pool_s *const);
 MMDB_entry_data_list_s *data_pool_alloc(MMDB_data_pool_s *const);

src/maxminddb.c

@@ -23,6 +23,8 @@
 #endif
 #include <windows.h>
 #include <ws2ipdef.h>
+#define SSIZE_MAX INTPTR_MAX
+typedef ADDRESS_FAMILY sa_family_t;
 #else
 #include <arpa/inet.h>
 #include <sys/mman.h>
@@ -288,18 +290,29 @@ int MMDB_open(const char *const filename, uint32_t flags, MMDB_s *const mmdb) {
         goto cleanup;
     }
 
-    uint32_t search_tree_size =
-        mmdb->metadata.node_count * mmdb->full_record_byte_size;
+    if (!can_multiply(SSIZE_MAX,
+                      mmdb->metadata.node_count,
+                      mmdb->full_record_byte_size)) {
+        status = MMDB_INVALID_METADATA_ERROR;
+        goto cleanup;
+    }
+    ssize_t search_tree_size = (ssize_t)mmdb->metadata.node_count *
+                               (ssize_t)mmdb->full_record_byte_size;
 
     mmdb->data_section =
         mmdb->file_content + search_tree_size + MMDB_DATA_SECTION_SEPARATOR;
-    if (search_tree_size + MMDB_DATA_SECTION_SEPARATOR >
-        (uint32_t)mmdb->file_size) {
+    if (mmdb->file_size < MMDB_DATA_SECTION_SEPARATOR ||
+        search_tree_size > mmdb->file_size - MMDB_DATA_SECTION_SEPARATOR) {
+        status = MMDB_INVALID_METADATA_ERROR;
+        goto cleanup;
+    }
+    ssize_t data_section_size =
+        mmdb->file_size - search_tree_size - MMDB_DATA_SECTION_SEPARATOR;
+    if (data_section_size > UINT32_MAX || data_section_size <= 0) {
         status = MMDB_INVALID_METADATA_ERROR;
         goto cleanup;
     }
-    mmdb->data_section_size = (uint32_t)mmdb->file_size - search_tree_size -
-                              MMDB_DATA_SECTION_SEPARATOR;
+    mmdb->data_section_size = (uint32_t)data_section_size;
 
     // Although it is likely not possible to construct a database with valid
     // valid metadata, as parsed above, and a data_section_size less than 3,