Author: abartlet
Date: 2007-07-23 01:46:39 +0000 (Mon, 23 Jul 2007)
New Revision: 23993

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23993

Log:
Attempt to fix bug #4808, reported by [EMAIL PROTECTED]

The issue is that when we call ldb_msg_add_empty(), we might realloc() the msg->elements array. We need to ensure the source pointer (when copying an element from the same msg) is still valid, or the data copied.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c

Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c =================================================================== --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-07-22 17:13:46 UTC (rev 23992) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-07-23 01:46:39 UTC (rev 23993) @@ -162,11 +162,14 @@ const struct ldb_message_element *el, int flags) { + /* We have to copy this, just in case *el is a pointer into + * what ldb_msg_add_empty() is about to realloc() */ + struct ldb_message_element el_copy = *el; if (ldb_msg_add_empty(msg, el->name, flags, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - msg->elements[msg->num_elements-1] = *el; + msg->elements[msg->num_elements-1] = el_copy; msg->elements[msg->num_elements-1].flags = flags; return LDB_SUCCESS;
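Review bot: el_copy is a shallow struct copy, so the new comment should say that only the element struct itself is protected from the realloc(), not the data it points to. After `msg->elements[msg->num_elements-1] = el_copy;` the new slot carries the same pointer members as the source element, and when the source lives in the same msg the two entries now alias each other; it is worth stating in the comment who owns that data, or duplicating it, so a later free or modify of one element does not leave the other dangling. Two smaller points: the call still reads `el->name` after the copy is taken, which is safe because the argument is evaluated before the realloc(), but using `el_copy.name` would leave no access through `el` once the copy exists; and the whole-struct assignment replaces everything ldb_msg_add_empty() set up in the new slot, so check that nothing it allocated for that slot is dropped without being freed. Since the log calls this an attempt, a regression test that passes an element taken from msg->elements of the same msg would confirm the fix for bug #4808.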