projects
/
ccan
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6d35d74
)
Fix theoretical problem with 0-length records.
author
Rusty Russell
<rusty@rustcorp.com.au>
Mon, 29 Jun 2009 02:17:20 +0000
(11:47 +0930)
committer
Rusty Russell
<rusty@rustcorp.com.au>
Mon, 29 Jun 2009 02:17:20 +0000
(11:47 +0930)
By faking them out to length 1, we might go oob. Just fake the malloc.
ccan/tdb/io.c
patch
|
blob
|
history
diff --git
a/ccan/tdb/io.c
b/ccan/tdb/io.c
index c25f1cb447f8578ea58ca2a68c81412f311bc38b..d8140fea31d3655146b697a1dd0959502bafa33e 100644
(file)
--- a/
ccan/tdb/io.c
+++ b/
ccan/tdb/io.c
@@
-383,11
+383,7
@@
unsigned char *tdb_alloc_read(struct tdb_context *tdb, tdb_off_t offset, tdb_len
unsigned char *buf;
/* some systems don't like zero length malloc */
- if (len == 0) {
- len = 1;
- }
-
- if (!(buf = (unsigned char *)malloc(len))) {
+ if (!(buf = (unsigned char *)malloc(len ? len : 1))) {
/* Ensure ecode is set for log fn. */
tdb->ecode = TDB_ERR_OOM;
TDB_LOG((tdb, TDB_DEBUG_ERROR,"tdb_alloc_read malloc failed len=%d (%s)\n",