[PATCH] lib/tdb: fix append of zero-length records to zero-length records.
Rusty Russell
rusty at rustcorp.com.au
Wed Jul 29 22:08:27 MDT 2009
realloc() has that horrible overloaded free semantic when size is 0:
current code does a free of the old record in this case, then fails.
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
---
lib/tdb/common/tdb.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c
index b59bb15..b78f74c 100644
--- a/lib/tdb/common/tdb.c
+++ b/lib/tdb/common/tdb.c
@@ -584,8 +584,13 @@ int tdb_append(struct tdb_context *tdb, TDB_DATA key,
TDB_DATA new_dbuf)
if (dbuf.dptr == NULL) {
dbuf.dptr = (unsigned char *)malloc(new_dbuf.dsize);
} else {
- unsigned char *new_dptr = (unsigned char *)realloc(dbuf.dptr,
- dbuf.dsize + new_dbuf.dsize);
+ unsigned int new_len = dbuf.dsize + new_dbuf.dsize;
+ unsigned char *new_dptr;
+
+ /* realloc '0' is special: don't do that. */
+ if (new_len == 0)
+ new_len = 1;
+ new_dptr = (unsigned char *)realloc(dbuf.dptr, new_len);
if (new_dptr == NULL) {
free(dbuf.dptr);
}
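Review bot: the sum in `unsigned int new_len = dbuf.dsize + new_dbuf.dsize;` is still unchecked, so a wrapped or truncated total reaches realloc() as a small non-zero size and yields a buffer shorter than the combined record. Consider rejecting the append when `new_len < dbuf.dsize` before calling realloc(). Separately, the untouched `malloc(new_dbuf.dsize)` branch has the same zero-size ambiguity this patch fixes for realloc(): malloc(0) may return NULL on some platforms, so appending a zero-length value when no record exists can still look like an allocation failure. The same "use 1 when the length is 0" guard would cover it.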
--
1.6.0.4