[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-351-g7be1d72

Jeremy Allison jra at samba.org
Wed Jul 15 12:09:16 MDT 2009


On Wed, Jul 15, 2009 at 05:52:36PM +0200, Volker Lendecke wrote:
> On Wed, Jul 15, 2009 at 08:47:19AM -0700, Jeremy Allison wrote:
> > If this is being used to large transfer buffers
> > in other places then I'll revert and re-add the
> > memset() calls in clifile.c. Let me know.
> 
> If you asked me, I would prefer to leave it without the
> zeroing out.
> 
> For the libsmbclient calls I've at least tried to run them
> all under valgrind at least once, this would also catch
> those errors.
> 
> But if you feel better with zeroing out everything, fine.

Well I just looked into the uses of tevent_req_create() in
winbindd, for example inside wb_child_request_send() and
the *response element of the allocated struct is not
initialized. Now this may be safe in that *response is
not looked at until success is returned, but it's kind
of begging for a future memory problem if someone does
a TALLOC_FREE on state->response at some point in the
future (not saying that anyone does, just that they
might :-).

Looking at all the other uses of tevent_req_create() in
our code it does seem that it's always used to allocate
small state structs, so to be honest I think it's a
safer interface if it always zeros out what is
returned.

If we ever need this to do large values we could
revisit this.

Jeremy
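
The concern raised in the message above, as an added example that is not part of the original e-mail or of Samba's code: a state struct whose `response` member is only set on success, and an error-path cleanup that releases it. The allocator here is a plain `malloc` stand-in, not talloc or tevent; the struct and function names are hypothetical, and the 0xA5 fill is an assumption used to make "uninitialised" memory deterministic.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request state, modelled on the "response" member discussed above. */
struct child_request_state {
    int   fd;
    char *response;   /* only assigned once the request succeeds */
};

/* Stand-in allocator (plain malloc, not talloc/tevent). When zero is false the
 * block is filled with 0xA5 so that the non-zeroed case is reproducible. */
static struct child_request_state *req_state_create(bool zero)
{
    struct child_request_state *s = malloc(sizeof(*s));
    if (s == NULL) {
        return NULL;
    }
    memset(s, zero ? 0 : 0xA5, sizeof(*s));
    return s;
}

/* Error-path cleanup of the kind a later change might add. Returns 0 when
 * releasing state->response was safe (NULL, so free() is a no-op) and -1 when
 * the member held a stale value that would have been passed to free(). */
static int req_state_abort(struct child_request_state *s)
{
    int rc = 0;
    if (s == NULL) {
        return -1;
    }
    if (s->response == NULL) {
        free(s->response);
    } else {
        rc = -1;   /* never assigned by a successful request: do not free */
    }
    free(s);
    return rc;
}

int main(void)
{
    printf("zeroed state:     %d\n", req_state_abort(req_state_create(true)));
    printf("non-zeroed state: %d\n", req_state_abort(req_state_create(false)));
    return 0;
}
```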

