summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRusty Russell <rusty@rustcorp.com.au>2009-07-30 13:09:33 -0700
committerJeremy Allison <jra@samba.org>2009-07-30 13:09:33 -0700
commita88c281ddc52bfb20cf65245a703233426bb4592 (patch)
treef560303844f087c1fcb7588164353eba013044d5
parent8eff9f9a3167eb0c2a4c00edf5a4cdbbc06c4dfd (diff)
downloadsamba-a88c281ddc52bfb20cf65245a703233426bb4592.tar.gz
samba-a88c281ddc52bfb20cf65245a703233426bb4592.tar.bz2
samba-a88c281ddc52bfb20cf65245a703233426bb4592.zip
If the record is at the end of the database, pretending it has length 1
might take us out-of-bounds. Only pretend to be length 1 for the malloc.
-rw-r--r--lib/tdb/common/io.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/tdb/common/io.c b/lib/tdb/common/io.c
index 661f761489..a0b3a3f24a 100644
--- a/lib/tdb/common/io.c
+++ b/lib/tdb/common/io.c
@@ -383,11 +383,8 @@ unsigned char *tdb_alloc_read(struct tdb_context *tdb, tdb_off_t offset, tdb_len
unsigned char *buf;
/* some systems don't like zero length malloc */
- if (len == 0) {
- len = 1;
- }
- if (!(buf = (unsigned char *)malloc(len))) {
+ if (!(buf = (unsigned char *)malloc(len ? len : 1))) {
/* Ensure ecode is set for log fn. */
tdb->ecode = TDB_ERR_OOM;
TDB_LOG((tdb, TDB_DEBUG_ERROR,"tdb_alloc_read malloc failed len=%d (%s)\n",