Possibility of Memory Leak in smbd/trans2.c
Jeremy Allison
jeremy at valinux.com
Tue Jan 23 20:29:33 GMT 2001
Kenichi Okuyama wrote:
> I've found possibility of memory leak in smbd/trans2.c.
>
> The point exists where Realloc() is being called.
>
> 1) There were several points that Realloc() is being called
> without checking possibility of NULL being returned from
> Realloc().
>
> 2) This was the typical Realloc calling patterns:
>
>     params = *pparams = Realloc(*pparams, 28);
>     if(params == NULL)
>         return(ERROR(ERRDOS,ERRnomem));
>
> The problem is, that if Realloc() returned NULL, original
> memory chunk will not be freed. They will be kept with
> any data left unchanged.
>
> But because we overwrite both 'params' and '*pparams', we no
> longer have pointer to original chunk. These should be changed
> to pattern like follows:
>
>     params = Realloc(*pparams, 28);
>     if(params == NULL)
>         return(ERROR(ERRDOS,ERRnomem));
>     *pparams = params;
>
> I've looked over smbd/trans2.c for this bug. I don't know about
> others.
>
> The patch follows after this message.
Thanks - this patch looks good. I've committed it to 2.2 and
HEAD.
Thanks,
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
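
The two calling patterns discussed in this thread, run side by side as an added example (not the patch from the thread and not Samba's code). `Realloc` here is a stand-in wrapper with a constructed failure switch and block counter; `Free`, `grow_leaky`, `grow_safe` and `blocks_lost_after_failure` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed harness: counts live blocks and can force one failure. */
static int live_blocks, fail_next;
static void *last_block;

/* Hypothetical stand-in for a Realloc() wrapper (assumption, not Samba's). */
static void *Realloc(void *p, size_t size)
{
    int fresh = (p == NULL);
    if (fail_next) { fail_next = 0; return NULL; } /* p is still allocated */
    void *r = realloc(p, size);
    if (r != NULL) { last_block = r; if (fresh) live_blocks++; }
    return r;
}

static void Free(void *p) { if (p) { free(p); live_blocks--; } }

/* Pattern from the report: the only reference is overwritten on failure. */
static int grow_leaky(char **pparams, size_t n)
{
    char *params = *pparams = Realloc(*pparams, n);
    return params == NULL ? -1 : 0;
}

/* Corrected pattern: publish the new pointer only after success. */
static int grow_safe(char **pparams, size_t n)
{
    char *params = Realloc(*pparams, n);
    if (params == NULL) return -1;
    *pparams = params;
    return 0;
}

/* Blocks still allocated after a failed grow and the caller's cleanup. */
static int blocks_lost_after_failure(int (*grow)(char **, size_t))
{
    char *buf = NULL;
    live_blocks = 0;
    if (grow(&buf, 16) != 0) return -1;  /* initial allocation */
    fail_next = 1;                       /* simulate out-of-memory */
    if (grow(&buf, 28) == 0) return -1;  /* the grow must report failure */
    Free(buf);                           /* caller frees what it can reach */
    int lost = live_blocks;
    if (lost) free(last_block);          /* harness reclaims the orphan */
    return lost;
}

int main(void) { printf("leaky lost %d, safe lost %d\n", blocks_lost_after_failure(grow_leaky), blocks_lost_after_failure(grow_safe)); return 0; }
```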