diff options
| author | Jeremy Allison <jra@samba.org> | 1998-03-27 02:39:26 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-03-27 02:39:26 +0000 |
| commit | c9e066037ab222472085c4a0ecc8a39b337ad2aa (patch) | |
| tree | ad39c1c71c21d5f8b157a455acc76359dd35df27 /source | |
| parent | 6a3394a285a250d1029cdd545dd0bf832284555a (diff) | |
| download | samba-c9e066037ab222472085c4a0ecc8a39b337ad2aa.tar.gz samba-c9e066037ab222472085c4a0ecc8a39b337ad2aa.tar.xz samba-c9e066037ab222472085c4a0ecc8a39b337ad2aa.zip | |
Fix for client generated core-dump bug where offset to readraw
was so large that when used with -DUSE_MMAP it caused the unsigned
subtraction to wrap aound and become positive - thus causing
a silly memcpy offset. Thanks to "Michael St. Laurent" <rowl@earthlink.net>
for giving me the core dump that allowed me to track this one
down.
Jeremy.
Diffstat (limited to 'source')
| -rw-r--r-- | source/smbd/server.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source/smbd/server.c b/source/smbd/server.c index 08cf013920b..39580d008d4 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -2058,7 +2058,8 @@ int read_file(int fnum,char *data,uint32 pos,int n) #if USE_MMAP if (Files[fnum].mmap_ptr) { - int num = MIN(n,(int)(Files[fnum].mmap_size-pos)); + int num = (Files[fnum].mmap_size > pos) ? (Files[fnum].mmap_size - pos) : -1; + num = MIN(n,num); if (num > 0) { memcpy(data,Files[fnum].mmap_ptr+pos,num); |