[PATCH] lib/tdb: fix append of zero-length records to zero-length records.
Jeremy Allison
jra at samba.org
Thu Jul 30 14:11:21 MDT 2009
On Thu, Jul 30, 2009 at 01:45:41PM +0930, Rusty Russell wrote:
> realloc() has that horrible overloaded free semantic when size is 0:
> current code does a free of the old record in this case, then fails.
>
> Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
> ---
> lib/tdb/common/tdb.c | 9 +++++++--
> 1 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c
> index b59bb15..b78f74c 100644
> --- a/lib/tdb/common/tdb.c
> +++ b/lib/tdb/common/tdb.c
> @@ -584,8 +584,13 @@ int tdb_append(struct tdb_context *tdb, TDB_DATA key, TDB_DATA new_dbuf)
> if (dbuf.dptr == NULL) {
> dbuf.dptr = (unsigned char *)malloc(new_dbuf.dsize);
> } else {
> - unsigned char *new_dptr = (unsigned char *)realloc(dbuf.dptr,
> - dbuf.dsize + new_dbuf.dsize);
> + unsigned int new_len = dbuf.dsize + new_dbuf.dsize;
> + unsigned char *new_dptr;
> +
> + /* realloc '0' is special: don't do that. */
> + if (new_len == 0)
> + new_len = 1;
> + new_dptr = (unsigned char *)realloc(dbuf.dptr, new_len);
> if (new_dptr == NULL) {
> free(dbuf.dptr);
> }
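Review bot: the new "new_len = dbuf.dsize + new_dbuf.dsize" line has no wrap check and holds the sum in an unsigned int, so a sum that wraps (or is truncated, if dsize is wider than unsigned int) lets realloc succeed with a buffer shorter than the combined record. Suggest failing the append when new_len < dbuf.dsize before calling realloc. Separately, the unchanged "malloc(new_dbuf.dsize)" branch in the context above still passes 0 when new_dbuf is empty and dbuf.dptr is NULL; malloc(0) may return NULL, so the same new_len == 0 clamp is worth applying there too.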
Pushed both of these fixes - thanks Rusty!
Jeremy.