[PATCH] s3: Call va_end() after all va_start()/va_copy() calls.
Andrew Kroeger
andrew at id10ts.net
Fri Jun 12 08:14:41 GMT 2009
All:
Please find attached a patch that ensures that va_end() is properly
called for cleanup after calls to va_start() or va_end().
Sincerely,
Andrew Kroeger
-------------- next part --------------
>From 43cd1c73410cb692d275d03c13aa9c5c80ba7527 Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew at id10ts.net>
Date: Thu, 11 Jun 2009 02:15:28 -0500
Subject: [PATCH] s3: Call va_end() after all va_start()/va_copy() calls.
There are error paths in S3 where va_end() is not properly called after
va_start() or va_copy() have been called.
These issues were noted while performing an inspection for S4 bug #6129. Thanks
to Erik Hovland <erik at hovland.org> for the original bug report.
---
source3/lib/ldb/common/ldb_dn.c | 2 +-
source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 1 +
source3/lib/util.c | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/source3/lib/ldb/common/ldb_dn.c b/source3/lib/ldb/common/ldb_dn.c
index 09d5855..fb7f3e9 100644
--- a/source3/lib/ldb/common/ldb_dn.c
+++ b/source3/lib/ldb/common/ldb_dn.c
@@ -362,9 +362,9 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char
va_start(ap, new_fmt);
strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
+ va_end(ap);
if (strdn == NULL)
return NULL;
- va_end(ap);
dn = ldb_dn_explode(mem_ctx, strdn);
diff --git a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
index cb516b6..d8fc162 100644
--- a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+++ b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
@@ -534,6 +534,7 @@ query_int(const struct lsqlite3_private * lsqlite3,
/* Format the query */
if ((p = sqlite3_vmprintf(pSql, args)) == NULL) {
+ va_end(args);
return SQLITE_NOMEM;
}
diff --git a/source3/lib/util.c b/source3/lib/util.c
index b85f29e..c0bb042 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2113,10 +2113,10 @@ void *smb_xmalloc_array(size_t size, unsigned int count)
va_copy(ap2, ap);
n = vasprintf(ptr, format, ap2);
+ va_end(ap2);
if (n == -1 || ! *ptr) {
smb_panic("smb_xvasprintf: out of memory");
}
- va_end(ap2);
return n;
}
--
1.6.0.6
More information about the samba-technical
mailing list