From: Andrew Tridgell Date: Fri, 11 Sep 2009 08:00:42 +0000 (+1000) Subject: s4-ldb: don't remove a message element beyond the end of the array X-Git-Tag: talloc-2.0.1~534 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b20af988c319f389e29db0a47d552c5f68aed58;p=thirdparty%2Fsamba.git s4-ldb: don't remove a message element beyond the end of the array --- diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c index 8d0fa313a00..702978a3611 100644 --- a/source4/lib/ldb/common/ldb_msg.c +++ b/source4/lib/ldb/common/ldb_msg.c @@ -739,6 +739,10 @@ int ldb_msg_copy_attr(struct ldb_message *msg, const char *attr, const char *rep void ldb_msg_remove_element(struct ldb_message *msg, struct ldb_message_element *el) { int n = (el - msg->elements); + if (n >= msg->num_elements) { + /* should we abort() here? */ + return; + } if (n != msg->num_elements-1) { memmove(el, el+1, ((msg->num_elements-1) - n)*sizeof(*el)); }