Andrew Tridgell tridge at linuxcare.com
Thu Aug 10 13:17:26 GMT 2000

If any code is looking at any of the data bytes following a pointer
returned from a 0 length alloc then that code is buggy. When code asks
for N bytes it must _never_ look at any bytes beyond N. It sounds like
the parse code has some bugs in it.

To track down those bugs I suggest instead we change talloc() to
always return 0xdeadbeef for allocations of size zero. This will cause
the bugs to show up a lot earlier and will make them easier to

> The buffer for monitorname and defaultdatatype both pointed
> to the unmarshalled UNISTR "RAW"

no they didn't, they pointed to a zero length area of ram. That area
happens to be followed by the string "RAW", but that should be
irrelevant, if we didn't have any bugs :)

Cheers, Tridge

More information about the samba-technical mailing list