Fix theoretical problem with 0-length records.
authorRusty Russell <rusty@rustcorp.com.au>
Mon, 29 Jun 2009 02:17:20 +0000 (11:47 +0930)
committerRusty Russell <rusty@rustcorp.com.au>
Mon, 29 Jun 2009 02:17:20 +0000 (11:47 +0930)
By faking them out to length 1, we might go oob.  Just fake the malloc.

ccan/tdb/io.c

index c25f1cb447f8578ea58ca2a68c81412f311bc38b..d8140fea31d3655146b697a1dd0959502bafa33e 100644 (file)
@@ -383,11 +383,7 @@ unsigned char *tdb_alloc_read(struct tdb_context *tdb, tdb_off_t offset, tdb_len
        unsigned char *buf;
 
        /* some systems don't like zero length malloc */
-       if (len == 0) {
-               len = 1;
-       }
-
-       if (!(buf = (unsigned char *)malloc(len))) {
+       if (!(buf = (unsigned char *)malloc(len ? len : 1))) {
                /* Ensure ecode is set for log fn. */
                tdb->ecode = TDB_ERR_OOM;
                TDB_LOG((tdb, TDB_DEBUG_ERROR,"tdb_alloc_read malloc failed len=%d (%s)\n",
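Review bot: The failure log on the last line of the hunk formats `len` with `%d`, and malloc is most likely to fail when `len` is very large (for instance a corrupt record length), which is where a signed conversion prints a negative or misleading value. The definition of tdb_len_t is not visible here, so this assumes it is an unsigned 32-bit type; if so, `len=%u` with `(unsigned int)len` as the argument keeps the message accurate. The comment above the malloc could also record why only the request is padded, e.g. `/* some systems don't like zero length malloc; pad the request only, len must stay 0 for the code that follows */`. The TDB_LOG call and the rest of tdb_alloc_read continue outside the hunk, so the arguments actually passed to the format string should be checked there.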