svn commit: samba r23993 - in
branches/SAMBA_4_0/source/lib/ldb/common: .
abartlet at samba.org
abartlet at samba.org
Mon Jul 23 01:46:40 GMT 2007
Author: abartlet
Date: 2007-07-23 01:46:39 +0000 (Mon, 23 Jul 2007)
New Revision: 23993
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23993
Log:
Attempt to fix bug #4808, reported by mwallnoefer at yahoo.de. The issue
is that when we all ldb_msg_add_empty(), we might realloc() the
msg->elements array. We need to ensure the source pointer (when
copying an element from the same msg) is still valid, or the data
copied.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c
===================================================================
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-07-22 17:13:46 UTC (rev 23992)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-07-23 01:46:39 UTC (rev 23993)
@@ -162,11 +162,14 @@
const struct ldb_message_element *el,
int flags)
{
+ /* We have to copy this, just in case *el is a pointer into
+ * what ldb_msg_add_empty() is about to realloc() */
+ struct ldb_message_element el_copy = *el;
if (ldb_msg_add_empty(msg, el->name, flags, NULL) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
- msg->elements[msg->num_elements-1] = *el;
+ msg->elements[msg->num_elements-1] = el_copy;
msg->elements[msg->num_elements-1].flags = flags;
return LDB_SUCCESS;
More information about the samba-cvs
mailing list