svn commit: samba r22509 - in
branches: SAMBA_3_0/source/groupdb SAMBA_3_0_25/source/groupdb
simo
idra at samba.org
Fri Apr 27 13:44:59 GMT 2007
On Fri, 2007-04-27 at 07:57 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> James,
>
> >> WebSVN:
> >> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22509
> >>
> >> Log:
> >> Fix some memory corruption caused by calling free()
> >> on talloc()'d memory when adding/removing members
> >> from Local Groups.
> >
> > How about changing SAFE_FREE to prevent this sort of thing? eg.
> >
> > #define SAFE_FREE(x) do { if ((x) != NULL) { \
> > SMB_ASSERT(!talloc_is_talloc_pointer(free)); free(x); x=NULL;} }
> > while(0)
>
> That will not crash but will potentially leak memory. I'd rather
> have the crash.
In some cases it may also lead to crashes in other places I think.
To check if a pointer is a talloc context you have to access the header
which is pre-pended to the memory pointer.
Depending on the malloc() implementation checking the header (when this
is not talloc-ed memory) we may try to access a memory page we have no
access.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list