talloc_incr_ref_count does not work

Michael Cohen michael.cohen at netspeed.com.au
Fri Dec 8 23:48:53 GMT 2006


Hi Tridge,
  Yes, sorry I meant talloc_increase_ref_count(). Have a look at the following
  snippet of code which demonstrates what I meant: (This is against latest talloc svn)

#include <stdlib.h>
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>

#include "talloc.h"

int main() {
  char *a = talloc_strdup(NULL, "/");
  char *b = talloc_strdup(a,"/b");
  char *c = talloc_strdup(b,"/b/a");

  // Make a have some more children
  talloc_strdup(a,"/c");
  talloc_strdup(a,"/d");
  talloc_strdup(a,"/e");

  // Now b has some more other children.
  talloc_strdup(b,"/b/b");
  
  //Now we incref c presumably because we want to keep it valid:
  talloc_increase_ref_count(c);

  // I am freeing a here, but I expect c to still be valid because I have
  // increased reference for it just above.
  talloc_free(a);

  // This is where talloc aborts, valgrind indicates a double free
  talloc_free(c);
  return 0;
}

It turns out that talloc_free(a) frees b and decrefs c reparenting it back to a.
Then as talloc_free cascades through a's children it gets to the newly parented
c and frees it as well.

Turns out that you can do this to fix the above problem:
add a char *p = talloc_strdup(NULL,"something");

and instead of talloc_increase_ref_count() use:
talloc_reference(p,c);

So this is specifically related to the null_context. I am happy to use the
above workaround with a static pointer to attach references to.

Michael.
  
On Sat, Dec 09, 2006 at 09:38:43AM +1100, tridge at samba.org wrote:
> Michael,
> 
> > So the overall effect is that talloc_incr_ref_count does not work. The node
> > gets freed anyway.
> 
> I presume you mean talloc_increase_ref_count() ?
> 
> Could you take a look at the talloc test suite and give me a patch
> that demonstrates the problem? It does test
> talloc_increase_ref_count(), and we rely on it working in a couple of
> places in Samba4, but maybe there are situations where it doesn't work
> as expected. It would be easier for me to understand these situations
> if you gave me an example in C - perhaps a patch to test_misc() in
> testsuite.c, or a new test_refcount() test?
> 
> Cheers, Tridge
> 
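The reparenting sequence described in the message above, as an added toy model that is not part of the original post and is not talloc's code. The struct, the function names and the rule that a NULL holder stands for the null context are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy model (assumption, not talloc's data structures): every node has one
 * parent and at most one reference; holder == NULL stands for the null context. */
struct node { struct node *parent, *holder; int has_ref, freed; };
static struct node pool[16];
static int used;

static struct node *node_new(struct node *parent) {
    struct node *n = &pool[used++];
    *n = (struct node){ .parent = parent };
    return n;
}
static struct node *first_child(struct node *n) {
    for (int i = 0; i < used; i++)
        if (pool[i].parent == n && !pool[i].freed) return &pool[i];
    return NULL;
}
/* Returns -1 when only a reference was dropped and n itself survives. */
static int node_free(struct node *n) {
    struct node *c;
    if (n->has_ref) { n->has_ref = 0; return -1; }
    while ((c = first_child(n)) != NULL) {
        struct node *new_parent = c->has_ref ? c->holder : NULL;
        if (node_free(c) == -1) {
            /* Null-context reference: fall back to the parent of the node
             * being freed, which may itself be in the middle of being freed. */
            if (!new_parent) new_parent = n->parent;
            c->parent = new_parent;
        }
    }
    n->freed = 1;   /* flag instead of free() so the outcome can be inspected */
    return 0;
}
/* Tree from the post: reference c, free a, report whether c was freed too. */
static int c_freed_after_free_a(int use_holder) {
    used = 0;
    struct node *a = node_new(NULL), *b = node_new(a), *c = node_new(b);
    node_new(a); node_new(a); node_new(a); node_new(b);
    c->has_ref = 1;
    c->holder = use_holder ? node_new(NULL) : NULL;  /* p in the workaround */
    node_free(a);
    return c->freed;
}
int main(void) {
    printf("null-context reference: c freed = %d\n", c_freed_after_free_a(0));
    printf("reference held by p:    c freed = %d\n", c_freed_after_free_a(1));
    return 0;
}
```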

