ldb: Free empty index lists as talloc_realloc() fails in this case
authorAndrew Bartlett <abartlet@samba.org>
Tue, 26 Jul 2016 22:26:56 +0000 (10:26 +1200)
committerStefan Metzmacher <metze@samba.org>
Thu, 28 Jul 2016 08:06:12 +0000 (10:06 +0200)
talloc_realloc() requires that we know the correct parent to do the 0 -> free behaviour
and we do not have the correct parent here, list->dn may be a child of the module->idxptr
cache.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
lib/ldb/ldb_tdb/ldb_index.c

index 03ad44a1757f814c454f3933b884810011a8a2a5..ede37f99d3dfb4b1d6f4b4deddf83bf943195f5c 100644 (file)
@@ -1384,7 +1384,12 @@ int ltdb_index_del_value(struct ldb_module *module, struct ldb_dn *dn,
                memmove(&list->dn[j], &list->dn[j+1], sizeof(list->dn[0])*(list->count - (j+1)));
        }
        list->count--;
-       list->dn = talloc_realloc(list, list->dn, struct ldb_val, list->count);
+       if (list->count == 0) {
+               talloc_free(list->dn);
+               list->dn = NULL;
+       } else {
+               list->dn = talloc_realloc(list, list->dn, struct ldb_val, list->count);
+       }
 
        ret = ltdb_dn_list_store(module, dn_key, list);