Crash in CLEAR_IF_FIRST handling in tdb
Jeremy Allison
jra at samba.org
Fri Oct 5 09:34:11 MDT 2012
On Fri, Oct 05, 2012 at 10:11:47AM +0200, Volker Lendecke wrote:
>
> Look at the code fragment in tdb_oob():
>
>     if (st.st_size < (size_t)off + len) {
>         if (!probe) {
>             /* Ensure ecode is set for log fn. */
>             tdb->ecode = TDB_ERR_IO;
>             TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_oob len %u beyond eof at %u\n",
>                      (int)(off + len), (int)st.st_size));
>         }
>         return -1;
>     }
>
> So if the file has shrunk before tdb_oob, this won't do
> anything but bail. tdb_oob is only to expand files, not
> shrink. That's why that patch is necessary.
Ah, I missed that. I assumed that if tdb_oob() returned
-1 we wouldn't continue; I didn't notice we weren't
checking the return.
Thanks for the clarification.
Jeremy.
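As an added illustration (not Samba code, and not part of the thread): a toy model of the tdb_oob() check from the quoted fragment together with a caller that honours its -1, so a file that has shrunk underneath the mapping is reported instead of being read past EOF. The struct, function names and the constructed 64-byte "file" are hypothetical stand-ins for tdb's mmap and fstat() state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TDB_ERR_IO 1

struct toy_tdb {
    unsigned char map[64];  /* stands in for the mmap'd file contents */
    size_t st_size;         /* stands in for fstat() st_size */
    int ecode;
};

/* Fill the map with index bytes; constructed sample data, not a real tdb. */
static void toy_init(struct toy_tdb *tdb, size_t size)
{
    size_t i;
    for (i = 0; i < sizeof tdb->map; i++)
        tdb->map[i] = (unsigned char)i;
    tdb->st_size = size < sizeof tdb->map ? size : sizeof tdb->map;
    tdb->ecode = 0;
}

/* Toy counterpart of tdb_oob(): 0 if [off, off+len) is inside the file, -1
 * otherwise. A non-probe failure sets ecode and logs, as in the quoted
 * fragment; the arithmetic is additionally guarded so off + len cannot wrap. */
static int toy_oob(struct toy_tdb *tdb, size_t off, size_t len, int probe)
{
    if (len > SIZE_MAX - off || tdb->st_size < off + len) {
        if (!probe) {
            tdb->ecode = TDB_ERR_IO;
            fprintf(stderr, "toy_oob len %zu beyond eof at %zu\n",
                    len, tdb->st_size);
        }
        return -1;
    }
    return 0;
}

/* The check the thread says was missing: honour the -1 and never touch
 * the map past st_size. */
static int toy_read(struct toy_tdb *tdb, size_t off, void *buf, size_t len)
{
    if (toy_oob(tdb, off, len, 0) != 0)
        return -1;
    memcpy(buf, tdb->map + off, len);
    return 0;
}
```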