BUG in smbw_dir.c

andreas moroder claudiamoroder at st-ulrich.suedtirol.net
Tue Oct 9 12:49:02 GMT 2001


Hello,

in smbwrapper/smbw_dir.c at smbw_dir_add there is a big bug.

static void smbw_dir_add(struct file_info *finfo, const char *mask,
			 void *state)
{
	struct file_info *cdl;

	DEBUG(5,("%s\n", finfo->name));

	if (cur_dir->malloced == cur_dir->count) {

		#### Here the result of realloc is assigned to cdl
		cdl = (struct file_info *)Realloc(cur_dir->list,
							    sizeof(cur_dir->list[0])*
							    (cur_dir->count+100));
		#### here cur_dir->list is tested
		#### cdl is never tested
		if (!cur_dir->list) {
			/* oops */
			return;
		}
		cur_dir->list = cdl;
		cur_dir->malloced += 100;
	}

	cur_dir->list[cur_dir->count] = *finfo;
	cur_dir->count++;
}


There are also two memory leaks in smbwrapper/shared.c

in the lines 114 and 169 the result of Realloc is assigned to the same 
variable passed to Realloc

variable=Realloc(variables )


There are also realloc ( lowercase ) around in the code that should be 
changed to Realloc.



Bye

Andreas Moroder




More information about the samba-technical mailing list