r17181: Fix the build farm RAW-READ bug. When making a copy

of the lock array in order to delete them individually
it's also important to make a copy of the *size* of
this array. Otherwise the unlock decrements the termination
index of your for loop :-). Doh ! Big thanks to Volker
for showing me how to set up the build farm to track
this one down. This is not a 3.0.23a issue.
Jeremy.
(This used to be commit 2c82a159ae6a4cc83989f2b453508358db516d67)

diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 20bb4314b6398889f3635b3471df86a62a079909..07e4b4c16b763817b36ff08d2aa8232e75bfbc8e 100644 (file)
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -1243,14 +1243,16 @@ void brl_close_fnum(struct byte_range_lock *br_lck)
 
                if (unlock_individually) {
                        struct lock_struct *locks_copy;
+                       unsigned int num_locks_copy;
 
                        /* Copy the current lock array. */
                        locks_copy = TALLOC_MEMDUP(br_lck, locks, br_lck->num_locks * sizeof(struct lock_struct));
                        if (!locks_copy) {
                                smb_panic("brl_close_fnum: talloc fail.\n");
                        }
+                       num_locks_copy = br_lck->num_locks;
 
-                       for (i=0; i < br_lck->num_locks; i++) {
+                       for (i=0; i < num_locks_copy; i++) {
                                struct lock_struct *lock = &locks_copy[i];
 
                                if (lock->context.tid == tid && procid_equal(&lock->context.pid, &pid) &&