Fix from Andrew Esh to ensure tdb_pack can't segfault.
authorJeremy Allison <jra@samba.org>
Thu, 10 Apr 2003 19:08:45 +0000 (19:08 +0000)
committerJeremy Allison <jra@samba.org>
Thu, 10 Apr 2003 19:08:45 +0000 (19:08 +0000)
Jeremy.

source/tdb/tdbutil.c

index 0d8f6128cc5f8e7d0cec89d3b2822227026bdf7d..49005f8765a7159bab628535ccf168598b797ab6 100644 (file)
@@ -405,41 +405,41 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
                case 'w':
                        len = 2;
                        w = (uint16)va_arg(ap, int);
-                       if (bufsize >= len)
+                       if (bufsize && bufsize >= len)
                                SSVAL(buf, 0, w);
                        break;
                case 'd':
                        len = 4;
                        d = va_arg(ap, uint32);
-                       if (bufsize >= len)
+                       if (bufsize && bufsize >= len)
                                SIVAL(buf, 0, d);
                        break;
                case 'p':
                        len = 4;
                        p = va_arg(ap, void *);
                        d = p?1:0;
-                       if (bufsize >= len)
+                       if (bufsize && bufsize >= len)
                                SIVAL(buf, 0, d);
                        break;
                case 'P':
                        s = va_arg(ap,char *);
                        w = strlen(s);
                        len = w + 1;
-                       if (bufsize >= len)
+                       if (bufsize && bufsize >= len)
                                memcpy(buf, s, len);
                        break;
                case 'f':
                        s = va_arg(ap,char *);
                        w = strlen(s);
                        len = w + 1;
-                       if (bufsize >= len)
+                       if (bufsize && bufsize >= len)
                                memcpy(buf, s, len);
                        break;
                case 'B':
                        i = va_arg(ap, int);
                        s = va_arg(ap, char *);
                        len = 4+i;
-                       if (bufsize >= len) {
+                       if (bufsize && bufsize >= len) {
                                SIVAL(buf, 0, i);
                                memcpy(buf+4, s, i);
                        }
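Review bot: In case 'B' the length `i` is taken from `va_arg(ap, int)` and never checked for being negative, so the new `bufsize && bufsize >= len` guard can still pass while `memcpy(buf+4, s, i)` converts a negative `i` to a very large size_t. Any negative `i` makes `len = 4+i` smaller than 4, so the guard passes for any `bufsize` of 3 or more. Changing the test to `if (i >= 0 && bufsize && bufsize >= len) {` would close this. It would also matter for the later `bufsize -= len`, where a negative `len` would grow the remaining size instead of shrinking it. Separately, 'P' and 'f' store `strlen(s)` in `w`, which the `(uint16)` cast in case 'w' suggests is a 16-bit variable, so a very long string would presumably give a truncated `len`; the declarations are outside this hunk, so that needs confirming.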
@@ -452,7 +452,10 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
                }
 
                buf += len;
-               bufsize -= len;
+               if (bufsize)
+                       bufsize -= len;
+               if (bufsize < 0)
+                       bufsize = 0;
        }
 
        va_end(ap);
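Review bot: `buf += len` still runs unconditionally, so once a field does not fit and `bufsize` is clamped to 0, `buf` keeps advancing past the end of the caller's buffer on every later format character. Nothing dereferences it after that point because the guards in the switch see `bufsize == 0`, but forming a pointer beyond one-past-the-end is undefined behaviour in C. The same applies if callers pass a NULL `buf` with `bufsize` 0 to measure the packed size, which the zero check suggests they do. Advancing only on a successful write, e.g. `if (bufsize >= len) { buf += len; bufsize -= len; } else bufsize = 0;`, keeps the pointer in range and makes the two added `if` statements unnecessary. A short comment such as `/* bufsize == 0 means "count only, write nothing" */` would also record why zero is special-cased. The loop begins outside this hunk, so the return-value accounting should be checked against it.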