From a88c281ddc52bfb20cf65245a703233426bb4592 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Thu, 30 Jul 2009 13:09:33 -0700
Subject: If the record is at the end of the database, pretending it has length 1 might take us out-of-bounds. Only pretend to be length 1 for the malloc.
---
 lib/tdb/common/io.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'lib/tdb')
diff --git a/lib/tdb/common/io.c b/lib/tdb/common/io.c
index 661f761489..a0b3a3f24a 100644
--- a/lib/tdb/common/io.c
+++ b/lib/tdb/common/io.c
@@ -383,11 +383,8 @@ unsigned char *tdb_alloc_read(struct tdb_context *tdb, tdb_off_t offset, tdb_len
 unsigned char *buf;
 /* some systems don't like zero length malloc */
- if (len == 0) {
- len = 1;
- }
- if (!(buf = (unsigned char *)malloc(len))) {
+ if (!(buf = (unsigned char *)malloc(len ? len : 1))) {
 /* Ensure ecode is set for log fn. */
 tdb->ecode = TDB_ERR_OOM;
 TDB_LOG((tdb, TDB_DEBUG_ERROR,"tdb_alloc_read malloc failed len=%d (%s)\n",
-- 
cgit
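Review bot: The comment kept above the allocation still says only that some systems dislike a zero-length malloc, so nothing at the `malloc(len ? len : 1)` line records that `len` itself must stay untouched; a later cleanup could fold the adjustment back into `len` and reintroduce the out-of-bounds access described in the commit message. I would extend it to something like `/* some systems don't like zero length malloc; bump only the allocation size, len must stay the real record length for the read below */`. The read that uses `len` is outside this hunk, so that wording is inferred from the commit message and should be checked against the rest of tdb_alloc_read. Separately, the log line prints `len=%d`; its argument list is also outside the hunk, but if the value passed is the unsigned length type from the signature, `%u` would keep very large lengths read from a damaged database from being logged as negative numbers.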