svn commit: samba r22509 - in branches: SAMBA_3_0/source/groupdb SAMBA_3_0_25/source/groupdb

simo idra at samba.org
Fri Apr 27 13:44:59 GMT 2007


On Fri, 2007-04-27 at 07:57 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> James,
> 
> >> WebSVN:
> >> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22509
> >>
> >> Log:
> >> Fix some memory corruption caused by calling free()
> >> on talloc()'d memory when adding/removing members
> >> from Local Groups.
> > 
> > How about changing SAFE_FREE to prevent this sort of thing? eg.
> > 
> > #define SAFE_FREE(x) do { if ((x) != NULL) { \
> >     SMB_ASSERT(!talloc_is_talloc_pointer(free)); free(x); x=NULL;} }
> > while(0)
> 
> That will not crash but will potentially leak memory.  I'd rather
> have the crash.

In some cases it may also lead to crashes in other places I think.
To check if a pointer is a talloc context you have to access the header
which is pre-pended to the memory pointer.
Depending on the malloc() implementation checking the header (when this
is not talloc-ed memory) we may try to access a memory page we have no
access.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list