svn commit: samba r23993 - in branches/SAMBA_4_0/source/lib/ldb/common: .

abartlet at samba.org abartlet at samba.org
Mon Jul 23 01:46:40 GMT 2007


Author: abartlet
Date: 2007-07-23 01:46:39 +0000 (Mon, 23 Jul 2007)
New Revision: 23993

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23993

Log:
Attempt to fix bug #4808, reported by mwallnoefer at yahoo.de.  The issue
is that when we all ldb_msg_add_empty(), we might realloc() the
msg->elements array.  We need to ensure the source pointer (when
copying an element from the same msg) is still valid, or the data
copied.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c
===================================================================
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c	2007-07-22 17:13:46 UTC (rev 23992)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c	2007-07-23 01:46:39 UTC (rev 23993)
@@ -162,11 +162,14 @@
 		const struct ldb_message_element *el, 
 		int flags)
 {
+	/* We have to copy this, just in case *el is a pointer into
+	 * what ldb_msg_add_empty() is about to realloc() */
+	struct ldb_message_element el_copy = *el;
 	if (ldb_msg_add_empty(msg, el->name, flags, NULL) != 0) {
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	msg->elements[msg->num_elements-1] = *el;
+	msg->elements[msg->num_elements-1] = el_copy;
 	msg->elements[msg->num_elements-1].flags = flags;
 
 	return LDB_SUCCESS;



More information about the samba-cvs mailing list