s3: smbd: Ensure we don't call qsort() with a size of -1.
authorJeremy Allison <jra@samba.org>
Mon, 8 Sep 2014 23:16:24 +0000 (16:16 -0700)
committerJeremy Allison <jra@samba.org>
Wed, 10 Sep 2014 23:27:15 +0000 (01:27 +0200)
Based on a patch idea from Ken Harris <kharris@mathworks.com>

Fixes bug 10798 - crash in source3/smbd/notify.c

https://bugzilla.samba.org/show_bug.cgi?id=10798

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
source3/smbd/notify.c

index dd4dc1ad4b895a91d458dab7472b40780380bffb..ac1a55ce842a1779bd3f6bbb194a13fe8edd4493 100644 (file)
@@ -105,6 +105,14 @@ static bool notify_change_record_identical(struct notify_change_event *c1,
        return False;
 }
 
+static int compare_notify_change_events(const void *p1, const void *p2)
+{
+       const struct notify_change_event *e1 = p1;
+       const struct notify_change_event *e2 = p2;
+
+       return timespec_compare(&e1->when, &e2->when);
+}
+
 static bool notify_marshall_changes(int num_changes,
                                uint32 max_offset,
                                struct notify_change_event *changes,
@@ -116,6 +124,14 @@ static bool notify_marshall_changes(int num_changes,
                return false;
        }
 
+       /*
+        * Sort the notifies by timestamp when the event happened to avoid
+        * coalescing and thus dropping events.
+        */
+
+       qsort(changes, num_changes,
+             sizeof(*changes), compare_notify_change_events);
+
        for (i=0; i<num_changes; i++) {
                enum ndr_err_code ndr_err;
                struct notify_change_event *c;
@@ -170,14 +186,6 @@ static bool notify_marshall_changes(int num_changes,
        return True;
 }
 
-static int compare_notify_change_events(const void *p1, const void *p2)
-{
-       const struct notify_change_event *e1 = p1;
-       const struct notify_change_event *e2 = p2;
-
-       return timespec_compare(&e1->when, &e2->when);
-}
-
 /****************************************************************************
  Setup the common parts of the return packet and send it.
 *****************************************************************************/
@@ -202,14 +210,6 @@ void change_notify_reply(struct smb_request *req,
                return;
        }
 
-       /*
-        * Sort the notifies by timestamp when the event happened to avoid
-        * coalescing and thus dropping events in notify_marshall_changes.
-        */
-
-       qsort(notify_buf->changes, notify_buf->num_changes,
-             sizeof(*(notify_buf->changes)), compare_notify_change_events);
-
        if (!notify_marshall_changes(notify_buf->num_changes, max_param,
                                        notify_buf->changes, &blob)) {
                /*