Possible bug (memory leak) in serving return code from tdb_fetch().
Arcady Chernyak
Arcady.Chernyak at efi.com
Sat Nov 23 00:33:00 GMT 2002
Hi.
I have analyzed the code of the function:
static struct printjob *print_job_find(int jobid)
{
	static struct printjob pjob;
	TDB_DATA ret;

	ret = tdb_fetch(tdb, print_key(jobid));
	/* ret.dptr is malloc()ed by tdb_fetch() on a hit; if the record
	 * exists but has the wrong size this returns without freeing it. */
	if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL;
	memcpy(&pjob, ret.dptr, sizeof(pjob));
	free(ret.dptr);
	return &pjob;
}
from the file printing\printing.c.
The function tdb_fetch() performs a malloc() if ret.dptr != NULL.
If the record was found but we got a different size, we are going to "return
NULL".
In this case we shall get a memory leak.
I suggest the following code for the function:
static struct printjob *print_job_find(int jobid)
{
	static struct printjob pjob;
	TDB_DATA ret;

	ret = tdb_fetch(tdb, print_key(jobid));
	if (ret.dptr == NULL) return NULL;
	if (ret.dsize != sizeof(pjob)) {
		/* record exists but is the wrong size: release the buffer
		 * before bailing out */
		free(ret.dptr);
		return NULL;
	}
	memcpy(&pjob, ret.dptr, sizeof(pjob));
	free(ret.dptr);
	return &pjob;
}
The same thing also happens in the files:
lib/messages.c, function: static BOOL message_recv
nsswitch/winbindd_cache.c, function: static uint32 cached_sequence_number
Regards
Arcady
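The following is an added, stand-alone illustration of the leak described in the message above; it is not Samba code and not the poster's. It replaces the real tdb with a constructed two-record in-memory table behind a hypothetical fake_tdb_fetch() that keeps the same contract (a hit returns a malloc()ed buffer the caller must free, a miss returns dptr == NULL) and counts outstanding buffers, so the size-mismatch path of the posted function can be compared with the suggested fix. The struct printjob layout, the job ids, and the "good"/"truncated" records are all constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-ins for the tdb types used by the posted function. */
typedef struct { unsigned char *dptr; size_t dsize; } TDB_DATA;
struct printjob { int pid; int status; char filename[64]; }; /* constructed layout */

/* Constructed in-memory "database": two records keyed by job id. */
#define FAKE_RECORDS 2
static struct { int jobid; size_t size; unsigned char bytes[128]; } fake_db[FAKE_RECORDS];

/* Buffers handed out by fake_tdb_fetch() and not yet freed. */
static int live_allocs = 0;

/* Hypothetical stand-in for tdb_fetch(): a hit returns a malloc()ed copy
 * the caller must free; a miss returns dptr == NULL. */
static TDB_DATA fake_tdb_fetch(int jobid)
{
    TDB_DATA ret = { NULL, 0 };
    for (int i = 0; i < FAKE_RECORDS; i++) {
        if (fake_db[i].jobid != jobid) continue;
        ret.dptr = malloc(fake_db[i].size);
        if (ret.dptr == NULL) return ret;
        memcpy(ret.dptr, fake_db[i].bytes, fake_db[i].size);
        ret.dsize = fake_db[i].size;
        live_allocs++;
        break;
    }
    return ret;
}

static void fake_tdb_free(void *p)
{
    if (p != NULL) { free(p); live_allocs--; }
}

/* Lookup as posted: a record of the wrong size is dropped without free(). */
static struct printjob *print_job_find_leaky(int jobid)
{
    static struct printjob pjob;
    TDB_DATA ret = fake_tdb_fetch(jobid);
    if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL; /* leaks on size mismatch */
    memcpy(&pjob, ret.dptr, sizeof(pjob));
    fake_tdb_free(ret.dptr);
    return &pjob;
}

/* Lookup as suggested in the post: free before returning on size mismatch. */
static struct printjob *print_job_find_fixed(int jobid)
{
    static struct printjob pjob;
    TDB_DATA ret = fake_tdb_fetch(jobid);
    if (ret.dptr == NULL) return NULL;
    if (ret.dsize != sizeof(pjob)) {
        fake_tdb_free(ret.dptr);
        return NULL;
    }
    memcpy(&pjob, ret.dptr, sizeof(pjob));
    fake_tdb_free(ret.dptr);
    return &pjob;
}

/* Populate the constructed table: job 1 is well formed, job 2 is a
 * truncated record (the shape a stale or corrupted entry would have). */
static void setup_db(void)
{
    struct printjob good = { 4242, 1, "spool.ps" };
    memset(fake_db, 0, sizeof(fake_db));
    fake_db[0].jobid = 1;
    fake_db[0].size = sizeof(good);
    memcpy(fake_db[0].bytes, &good, sizeof(good));
    fake_db[1].jobid = 2;
    fake_db[1].size = sizeof(good) / 2;
    memcpy(fake_db[1].bytes, &good, sizeof(good) / 2);
    live_allocs = 0;
}

/* Run the three cases (hit, wrong size, miss) and report how many fetched
 * buffers are still outstanding afterwards: 0 means no leak. */
static int leaked_after(struct printjob *(*find)(int))
{
    setup_db();
    (void)find(1);
    (void)find(2);
    (void)find(3);
    return live_allocs;
}

/* pid of the job found, or -1 when the lookup returns NULL. */
static int found_pid(struct printjob *(*find)(int), int jobid)
{
    struct printjob *pj;
    setup_db();
    pj = find(jobid);
    return pj ? pj->pid : -1;
}

int main(void)
{
    printf("outstanding buffers: leaky=%d fixed=%d\n",
           leaked_after(print_job_find_leaky),
           leaked_after(print_job_find_fixed));
    printf("job 1 pid via fixed lookup: %d\n", found_pid(print_job_find_fixed, 1));
    return 0;
}
```

Only the wrong-size case differs between the two lookups: both free the buffer on a normal hit and allocate nothing on a miss, so a leak checker run over a database that never contains a malformed record would not show the problem. That is why the constructed table deliberately includes a truncated entry.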