From e98a2e1fca5f1cb61e1441520a695073bab1bec4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 20 Jun 2006 01:20:38 +0000
Subject: r16390: Klocwork #604 - ensure if NULL pointer we assert if len != 0.
 Jeremy. (This used to be commit e99cedfb0cabe3863797c8bd4594ee0826022d2e)

---
 source3/lib/messages.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'source3/lib/messages.c')

diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index cd2a3b36b6..dd6d4137d7 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -105,6 +105,7 @@ static void ping_message(int msg_type, struct process_id src,
 			 void *buf, size_t len)
 {
 	const char *msg = buf ? buf : "none";
+
 	DEBUG(1,("INFO: Received PING message from PID %s [%s]\n",
 		 procid_str_static(&src), msg));
 	message_send_pid(src, MSG_PONG, buf, len, True);
@@ -198,6 +199,11 @@ static BOOL message_send_pid_internal(struct process_id pid, int msg_type,
 	char *ptr;
 	struct message_rec prec;
 
+	/* NULL pointer means implicit length zero. */
+	if (!buf) {
+		SMB_ASSERT(len == 0);
+	}
+
 	/*
 	 * Doing kill with a non-positive pid causes messages to be
 	 * sent to places we don't want.
@@ -209,7 +215,7 @@ static BOOL message_send_pid_internal(struct process_id pid, int msg_type,
 	rec.msg_type = msg_type;
 	rec.dest = pid;
 	rec.src = procid_self();
-	rec.len = len;
+	rec.len = buf ? len : 0;
 
 	kbuf = message_key_pid(pid);
 
@@ -218,7 +224,7 @@ static BOOL message_send_pid_internal(struct process_id pid, int msg_type,
 		return False;
 
 	memcpy(dbuf.dptr, &rec, sizeof(rec));
-	if (len > 0)
+	if (len > 0 && buf)
 		memcpy((void *)((char*)dbuf.dptr+sizeof(rec)), buf, len);
 
 	dbuf.dsize = len + sizeof(rec);
-- 
cgit