r984: Ensure memmove & memcpy aren't called with len == 0.
authorJeremy Allison <jra@samba.org>
Wed, 2 Jun 2004 23:19:36 +0000 (23:19 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:51:52 +0000 (10:51 -0500)
Jeremy.
(This used to be commit 40c77dddc65e18b879d922379d562ffb8be80ab5)

source3/locking/locking.c

index 42036cc70cf54aeb6714be8e38d13deef571b0bb..2a27d7d4cdc1c8b0c28cd874a426ae0168eb79cd 100644 (file)
@@ -454,8 +454,10 @@ int get_share_modes(connection_struct *conn,
                                i++;
                        } else {
                                DEBUG(10,("get_share_modes: deleted %s\n", share_mode_str(i, entry_p) ));
-                               memcpy( &shares[i], &shares[i+1],
-                                       sizeof(share_mode_entry) * (num_share_modes - i - 1));
+                               if (num_share_modes - i - 1 > 0) {
+                                       memcpy( &shares[i], &shares[i+1],
+                                               sizeof(share_mode_entry) * (num_share_modes - i - 1));
+                               }
                                num_share_modes--;
                                del_count++;
                        }
@@ -575,8 +577,10 @@ ssize_t del_share_entry( SMB_DEV_T dev, SMB_INO_T inode,
                        if (ppse)
                                *ppse = memdup(&shares[i], sizeof(*shares));
                        data->u.num_share_mode_entries--;
-                       memmove(&shares[i], &shares[i+1], 
-                               dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares)));
+                       if ((dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares))) > 0) {
+                               memmove(&shares[i], &shares[i+1], 
+                                       dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares)));
+                       }
                        del_count++;
 
                        DEBUG(10,("del_share_entry: deleting entry %d\n", i ));