svn commit: samba r13978 - in branches/SAMBA_3_0/source/registry: .
jra at samba.org
jra at samba.org
Tue Mar 7 19:19:00 GMT 2006
Author: jra
Date: 2006-03-07 19:18:56 +0000 (Tue, 07 Mar 2006)
New Revision: 13978
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13978
Log:
Here is why it's essential to use SAFE_FREE instead of free.
If we use free(data.dptr) and then the subsequent tdb_open
fails in _reg_perfcount_get_counter_data() then data.dptr
is left as a non-zero pointer that has been freed. This would
cause it to be reused later on. Coverity bug #162.
Jeremy.
Modified:
branches/SAMBA_3_0/source/registry/reg_perfcount.c
Changeset:
Modified: branches/SAMBA_3_0/source/registry/reg_perfcount.c
===================================================================
--- branches/SAMBA_3_0/source/registry/reg_perfcount.c 2006-03-07 19:18:47 UTC (rev 13977)
+++ branches/SAMBA_3_0/source/registry/reg_perfcount.c 2006-03-07 19:18:56 UTC (rev 13978)
@@ -499,7 +499,7 @@
obj->counters[obj->NumCounters].CounterType = atoi(buf);
DEBUG(10, ("_reg_perfcount_get_counter_info: Got type [%d] for counter [%d].\n",
obj->counters[obj->NumCounters].CounterType, CounterIndex));
- free(data.dptr);
+ SAFE_FREE(data.dptr);
/* Fetch the actual data */
_reg_perfcount_make_key(&key, buf, PERFCOUNT_MAX_LEN, CounterIndex, "");
@@ -544,7 +544,7 @@
memset(buf, 0, PERFCOUNT_MAX_LEN);
memcpy(buf, data.dptr, data.dsize);
}
- free(data.dptr);
+ SAFE_FREE(data.dptr);
obj->counter_data.ByteLength += dsize + padding;
obj->counter_data.data = TALLOC_REALLOC_ARRAY(ps->mem_ctx,
@@ -694,7 +694,7 @@
return False;
memset(inst->counter_data.data, 0, data.dsize);
memcpy(inst->counter_data.data, data.dptr, data.dsize);
- free(data.dptr);
+ SAFE_FREE(data.dptr);
/* Fetch instance name */
memset(temp, 0, PERFCOUNT_MAX_LEN);
@@ -719,7 +719,7 @@
uint8,
inst->NameLength);
memcpy(inst->data, name, inst->NameLength);
- free(data.dptr);
+ SAFE_FREE(data.dptr);
}
inst->ParentObjectTitleIndex = 0;
@@ -807,7 +807,7 @@
DEBUG(3, ("_reg_perfcount_assemble_global: Failed to add new relationship for counter [%d].\n", j));
retval = -1;
}
- free(data.dptr);
+ SAFE_FREE(data.dptr);
}
else
DEBUG(3, ("NULL relationship for counter [%d] using key [%s].\n", j, keybuf));
@@ -837,7 +837,7 @@
memset(buf, 0, PERFCOUNT_MAX_LEN);
memcpy(buf, data.dptr, data.dsize);
- free(data.dptr);
+ SAFE_FREE(data.dptr);
*retval = atof(buf);
More information about the samba-cvs
mailing list