[PATCH] lib/tdb: fix append of zero-length records to zero-length records.

Rusty Russell rusty at rustcorp.com.au
Wed Jul 29 22:08:27 MDT 2009


realloc() has that horrible overloaded free semantic when size is 0:
current code does a free of the old record in this case, then fails.

Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
---
 lib/tdb/common/tdb.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c
index b59bb15..b78f74c 100644
--- a/lib/tdb/common/tdb.c
+++ b/lib/tdb/common/tdb.c
@@ -584,8 +584,13 @@ int tdb_append(struct tdb_context *tdb, TDB_DATA key, 
TDB_DATA new_dbuf)
 	if (dbuf.dptr == NULL) {
 		dbuf.dptr = (unsigned char *)malloc(new_dbuf.dsize);
 	} else {
-		unsigned char *new_dptr = (unsigned char *)realloc(dbuf.dptr,
-						     dbuf.dsize + new_dbuf.dsize);
+		unsigned int new_len = dbuf.dsize + new_dbuf.dsize;
+		unsigned char *new_dptr;
+
+		/* realloc '0' is special: don't do that. */
+		if (new_len == 0)
+			new_len = 1;
+		new_dptr = (unsigned char *)realloc(dbuf.dptr, new_len);
 		if (new_dptr == NULL) {
 			free(dbuf.dptr);
 		}
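Review bot: the comment `/* realloc '0' is special: don't do that. */` should state the actual reason, because it is what makes the unchanged `if (new_dptr == NULL) { free(dbuf.dptr); }` just below dangerous: realloc() with a size of 0 may free the block and return NULL, so the old code then freed dbuf.dptr a second time. The `dbuf.dptr == NULL` branch in the context above has the analogous hazard, since `malloc(new_dbuf.dsize)` with a dsize of 0 may also legitimately return NULL and be treated as a failure; consider giving it the same "at least 1 byte" treatment, ideally via one shared helper. Finally, `unsigned int new_len = dbuf.dsize + new_dbuf.dsize;` narrows the sum if the dsize fields are size_t; declaring new_len with the same type as dsize avoids silent truncation on 64-bit builds.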
-- 
1.6.0.4
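As an added example (not code from this patch or from tdb), the corrected pattern in a stand-alone append routine: `struct blob`, `realloc_nonzero` and `blob_append` are stand-ins for TDB_DATA and tdb_append(), and it also rejects a combined length that would wrap around, which the patch does not check.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a minimal stand-in for TDB_DATA, not tdb's own type. */
struct blob {
    unsigned char *dptr;
    size_t dsize;
};

/* realloc() with size 0 may free the block and return NULL, which a caller
 * cannot tell apart from an allocation failure. Always request at least one
 * byte so a NULL return unambiguously means "failed, old block still valid". */
static void *realloc_nonzero(void *ptr, size_t size)
{
    return realloc(ptr, size ? size : 1);
}

/* Append new_len bytes from new_data to *dst, mirroring the fixed
 * tdb_append() logic. Returns 0 on success, -1 on size overflow or
 * allocation failure; on failure *dst is left untouched and still owned
 * by the caller. */
int blob_append(struct blob *dst, const unsigned char *new_data, size_t new_len)
{
    size_t total;
    unsigned char *p;

    if (new_len > SIZE_MAX - dst->dsize)     /* dsize + new_len would wrap */
        return -1;
    total = dst->dsize + new_len;

    if (dst->dptr == NULL)
        p = malloc(total ? total : 1);       /* malloc(0) has the same ambiguity */
    else
        p = realloc_nonzero(dst->dptr, total);

    if (p == NULL)
        return -1;                           /* old dst->dptr remains valid */

    if (new_len)
        memcpy(p + dst->dsize, new_data, new_len);
    dst->dptr = p;
    dst->dsize = total;
    return 0;
}
```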
