Possible bug (memory leak) in serving return code from tdb_fetch( ).

jra at dp.samba.org jra at dp.samba.org
Sat Nov 23 01:59:00 GMT 2002


On Fri, Nov 22, 2002 at 04:28:22PM -0800, Arcady Chernyak wrote:
> Hi.
> I have analyzed code of the function: 
> 
> static struct printjob *print_job_find(int jobid)
> {
>     static struct printjob pjob;
>     TDB_DATA ret;
> 
>     ret = tdb_fetch(tdb, print_key(jobid));
>     if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL;
> 
>     memcpy(&pjob, ret.dptr, sizeof(pjob));
>     free(ret.dptr);
>     return &pjob;
> }
> 
> from the file printing\printing.c.
> 
> The function tdb_fetch() makes malloc() if ret.dptr != NULL.
> If record was found, but we got a different size, we are going to "return
> NULL". 
> In this case we shall get memory leak.
> I suggest the following function code:
> 
> static struct printjob *print_job_find(int jobid)
> {
>     static struct printjob pjob;
>     TDB_DATA ret;
> 
>     ret = tdb_fetch(tdb, print_key(jobid));
>     if (ret.dptr == NULL) return NULL;
>     if (ret.dsize != sizeof(pjob)){
>       free(ret.dptr);
>       return NULL;
>     }
>     memcpy(&pjob, ret.dptr, sizeof(pjob));
>     free(ret.dptr);
>     return &pjob;
> }

Yep - you are completely correct. I'm reviewing all uses of tdb_fetch()
to fix these bugs.

Thanks !

Jeremy.
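
To make the leak concrete, here is an added stand-alone model of the two versions discussed in this thread (example code, not Samba's; `tdb_fetch_stub`, `tdb_free`, `live_allocs`, `stub_dsize` and `leaked_after_mismatch` are constructed for the demonstration). It stubs tdb_fetch() so the stored record size can be forced to disagree with sizeof(struct printjob) and counts how many malloc()ed buffers each version leaves outstanding.

```c
#include <stdlib.h>
#include <string.h>
/* Added example, not Samba code: tdb_fetch() is stubbed so the record size
 * can be forced to mismatch, and live_allocs counts buffers not yet freed. */
typedef struct { unsigned char *dptr; size_t dsize; } TDB_DATA;
struct printjob { int pid; char jobname[32]; };

static int live_allocs = 0;       /* malloc()ed tdb buffers still outstanding */
static size_t stub_dsize = sizeof(struct printjob);  /* size the stub hands back */

/* Like the real tdb_fetch(): on a hit, dptr is malloc()ed and owned by the caller. */
static TDB_DATA tdb_fetch_stub(int jobid)
{
    TDB_DATA ret = { NULL, 0 };
    if (jobid < 0) return ret;    /* record not found: nothing allocated */
    ret.dptr = calloc(1, stub_dsize);
    if (ret.dptr) { ret.dsize = stub_dsize; live_allocs++; }
    return ret;
}
static void tdb_free(unsigned char *p) { free(p); live_allocs--; }

/* Shape of the original: a size mismatch returns NULL with dptr still allocated. */
static struct printjob *print_job_find_leaky(int jobid)
{
    static struct printjob pjob;
    TDB_DATA ret = tdb_fetch_stub(jobid);
    if (!ret.dptr || ret.dsize != sizeof(pjob)) return NULL;
    memcpy(&pjob, ret.dptr, sizeof(pjob));
    tdb_free(ret.dptr);
    return &pjob;
}

/* Shape of the fix: every path that received a dptr frees it before returning. */
static struct printjob *print_job_find_fixed(int jobid)
{
    static struct printjob pjob;
    TDB_DATA ret = tdb_fetch_stub(jobid);
    if (ret.dptr == NULL) return NULL;
    if (ret.dsize != sizeof(pjob)) { tdb_free(ret.dptr); return NULL; }
    memcpy(&pjob, ret.dptr, sizeof(pjob));
    tdb_free(ret.dptr);
    return &pjob;
}

/* Looks up one record whose stored size is wrong (constructed stale record) and
 * reports outstanding tdb buffers: 1 for the leaky version, 0 for the fixed one. */
static int leaked_after_mismatch(struct printjob *(*find)(int))
{
    live_allocs = 0;
    stub_dsize = sizeof(struct printjob) + 8;
    find(1);
    stub_dsize = sizeof(struct printjob);
    return live_allocs;
}
```

Under a leak checker such as valgrind the leaky version shows one "definitely lost" block per mismatched lookup, which is how this class of bug is usually caught in a long-running daemon.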