Possible bug (memory leak) in serving return code from tdb_fetch().
jra at dp.samba.org
Sat Nov 23 01:59:00 GMT 2002
On Fri, Nov 22, 2002 at 04:28:22PM -0800, Arcady Chernyak wrote:
> Hi.
> I have analyzed code of the function:
>
> static struct printjob *print_job_find(int jobid)
> {
>     static struct printjob pjob;
>     TDB_DATA ret;
>
>     ret = tdb_fetch(tdb, print_key(jobid));
>     if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL;
>
>     memcpy(&pjob, ret.dptr, sizeof(pjob));
>     free(ret.dptr);
>     return &pjob;
> }
>
> from the file printing\printing.c.
>
> The function tdb_fetch() calls malloc() if ret.dptr != NULL.
> If the record was found, but we got a different size, we are going to "return
> NULL".
> In this case we shall get a memory leak.
> I suggest the following function code:
>
> static struct printjob *print_job_find(int jobid)
> {
>     static struct printjob pjob;
>     TDB_DATA ret;
>
>     ret = tdb_fetch(tdb, print_key(jobid));
>     if (ret.dptr == NULL) return NULL;
>     if (ret.dsize != sizeof(pjob)) {
>         free(ret.dptr);
>         return NULL;
>     }
>     memcpy(&pjob, ret.dptr, sizeof(pjob));
>     free(ret.dptr);
>     return &pjob;
> }
Yep - you are completely correct. I'm reviewing all uses of tdb_fetch()
to fix these bugs.
Thanks!
Jeremy.
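The leak described in the thread is easy to reproduce outside Samba. The following C program is an added illustration, not code from the Samba tree or from either poster: it replaces tdb_fetch() with a constructed in-memory stand-in (fake_tdb_fetch) that hands back a malloc()ed copy of a record, exactly as the real function does, and counts live allocations so the leak is visible without a tool like valgrind. The names print_job_find_leaky, print_job_find_fixed, leaked_buffers and the job ids 1, 2 and 3 are my own; the layout of struct printjob is a simplified placeholder. Job 2 is stored with a deliberately wrong record size, which is the path the original code returns on without freeing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for Samba's TDB_DATA: the real tdb_fetch() returns a
 * malloc()ed copy of the record in dptr, and the caller owns that buffer. */
typedef struct {
    unsigned char *dptr;
    size_t dsize;
} TDB_DATA;

/* Simplified placeholder for the real struct printjob. */
struct printjob {
    int pid;
    int sysjob;
    char filename[32];
};

/* Allocation bookkeeping so a leak is observable as a non-zero delta. */
static int live_allocs = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) {
        free(p);
        live_allocs--;
    }
}

/* Constructed fake store: job 1 holds a well-formed record, job 2 holds a
 * record of the wrong size (as a different build of the writer might store),
 * and any other job id is absent, so dptr comes back NULL. */
static TDB_DATA fake_tdb_fetch(int jobid)
{
    TDB_DATA ret = { NULL, 0 };
    if (jobid == 1) {
        struct printjob pj = { 1234, 42, "spool.prn" };
        ret.dsize = sizeof(pj);
        ret.dptr = tracked_malloc(ret.dsize);
        if (ret.dptr) memcpy(ret.dptr, &pj, ret.dsize);
    } else if (jobid == 2) {
        ret.dsize = sizeof(struct printjob) + 8;   /* deliberately mismatched */
        ret.dptr = tracked_malloc(ret.dsize);
        if (ret.dptr) memset(ret.dptr, 0, ret.dsize);
    }
    return ret;
}

/* The pattern from the report: the combined check returns before free(),
 * so a found-but-wrong-size record leaks its buffer. */
static struct printjob *print_job_find_leaky(int jobid)
{
    static struct printjob pjob;
    TDB_DATA ret = fake_tdb_fetch(jobid);
    if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL;
    memcpy(&pjob, ret.dptr, sizeof(pjob));
    tracked_free(ret.dptr);
    return &pjob;
}

/* The corrected pattern: every path that received a buffer releases it. */
static struct printjob *print_job_find_fixed(int jobid)
{
    static struct printjob pjob;
    TDB_DATA ret = fake_tdb_fetch(jobid);
    if (ret.dptr == NULL) return NULL;
    if (ret.dsize != sizeof(pjob)) {
        tracked_free(ret.dptr);
        return NULL;
    }
    memcpy(&pjob, ret.dptr, sizeof(pjob));
    tracked_free(ret.dptr);
    return &pjob;
}

/* Runs one lookup and reports how many buffers stayed allocated afterwards. */
static int leaked_buffers(struct printjob *(*find)(int), int jobid)
{
    int before = live_allocs;
    find(jobid);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky, wrong-size record: %d buffer(s) leaked\n",
           leaked_buffers(print_job_find_leaky, 2));
    printf("fixed, wrong-size record: %d buffer(s) leaked\n",
           leaked_buffers(print_job_find_fixed, 2));
    return 0;
}
```

The same discipline applies to every tdb_fetch() caller: once dptr is non-NULL the buffer is owned, and each early return after that point needs its own free(). Leaving it to a combined condition is what hides the leak.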