severe (?) error in tdb.c
Jeremy Allison
jra at samba.org
Sat Sep 22 12:10:01 GMT 2001
On Sat, Sep 22, 2001 at 04:35:19PM +0200, andreas moroder wrote:
> Hello,
>
> in tdb.c the function tdb_next_lock is defined to return int.
>
> static int tdb_next_lock(TDB_CONTEXT *tdb, struct tdb_traverse_lock *tlock,
>                          struct list_struct *rec)
> {
>
> at line 1113
>
>     if (!TDB_DEAD(rec)) {
>         /* Woohoo: we found one! */
>         lock_record(tdb, tlock->off);
>         return tlock->off;
>     }
>
> tlock->off is returned, but off is defined as UNSIGNED int
>
> at line 1153 tdb_next_lock is used in this statement
>
>     while ((ret = tdb_next_lock(tdb, &tl, &rec)) > 0) {
>
> and 1180 ret is used in a test
>
>     if (ret < 0)
>         return -1;
>
> but tlock->off may be bigger than 0x7fff, so the return value can be, after
> being converted, <0, and that's wrong.
off in a struct tdb_traverse_lock is defined as u32, so the value
would have to be 0x7FFFFFFF. This means there is a restriction on
a tdb file of 2GB, which is not unreasonable (IMHO).
We should document it though.
Jeremy.
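The following is an added example, not code from tdb.c or from either poster. It models the pattern under discussion with hypothetical names: a u32 record offset squeezed into an int return value that the caller tests with "> 0" and "< 0", beside a variant that returns status and offset separately. The probe offsets are constructed; the wrap of an out-of-range value to a negative int is implementation-defined in C but is what gcc and clang do, which is exactly why the usable offset range, and hence the file size, stops at 0x7FFFFFFF.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Samba's tdb.c. It reproduces the shape of the code the
 * thread discusses: a u32 record offset passed back through an int return
 * value that the caller tests with "> 0" and "< 0". All names are
 * hypothetical. An offset of 0 stands for "no more records". */

/* Original shape: the u32 offset is squeezed into the int return value. */
static int next_lock_as_int(uint32_t off)
{
    /* For off > INT_MAX the conversion is implementation-defined; on the
     * usual two's-complement compilers it wraps to a negative number. */
    return (int)off;
}

/* 1 if the "> 0" loop condition accepts OFF as a record, else 0. */
int old_loop_continues(uint32_t off)
{
    return next_lock_as_int(off) > 0;
}

/* 1 if the "< 0" test after the loop would report a failure for OFF. */
int old_reports_error(uint32_t off)
{
    return next_lock_as_int(off) < 0;
}

/* Hardened shape: status and offset travel separately, so no offset value
 * can collide with the error sentinel. */
typedef enum { NL_DONE = 0, NL_FOUND = 1, NL_ERROR = -1 } nl_status;

static nl_status next_lock_split(uint32_t off, uint32_t *out_off)
{
    if (off == 0)
        return NL_DONE;
    *out_off = off;
    return NL_FOUND;
}

int new_loop_continues(uint32_t off, uint32_t *out_off)
{
    return next_lock_split(off, out_off) == NL_FOUND;
}

/* Largest offset the int-returning shape can hand back without being
 * mistaken for an error: the 2GB limit Jeremy refers to. */
uint32_t max_safe_offset(void)
{
    return (uint32_t)INT_MAX;   /* 0x7FFFFFFF */
}

int main(void)
{
    /* Constructed probe offsets around the sign boundary. */
    uint32_t probes[] = { 0x10u, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFF0u };
    size_t i;
    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint32_t got = 0;
        printf("off=0x%08X  old: continue=%d error=%d  new: continue=%d\n",
               probes[i], old_loop_continues(probes[i]),
               old_reports_error(probes[i]),
               new_loop_continues(probes[i], &got));
    }
    return 0;
}
```

With the int-returning shape, every offset at or above 0x80000000 ends the traversal loop and then trips the "< 0" check, so a legitimate record is reported as a failure; the split-status shape keeps the full u32 range usable. If the limit is kept instead of fixed, the compile-time constant above is the number worth documenting and enforcing on the file size.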