Use after talloc_free...
Rusty Russell
rusty at rustcorp.com.au
Wed Nov 11 01:10:14 MST 2009

Two recent CTDB fixes (1cbf06a126621 and eda052101728cf) both fixed obvious
use-after-free bugs[1]. This has convinced me that something like SAFE_FREE
would be nice in talloc.

Since I hate SHOUTING, my proposal is a "talloc_free_var(&ptr)" which
frees and changes ptr, and is a first-class talloc function.

I even have an implementation. Yes, it's kinda tricky:
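
    #include <unistd.h>   /* getpagesize() */
    #include <talloc.h>   /* talloc_free() */

    /* Free *varp, then overwrite it with a small invalid address taken from __LINE__. */
    #define talloc_free_var(varp) \
    do { \
        talloc_free(&**(varp)); \
        *(varp) = ((void *)((long)__LINE__ % getpagesize())); \
    } while(0)
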
1) Accidentally using "talloc_free_var(ptr)" won't compile.
2) The result is still a non-NULL ptr, but an invalid one which gives a clue
   as to where it was freed.

Thoughts?
Rusty.

[1] Neither actually indicated when they were introduced, nor cc'd the
    culprit. I have[2].
[2] But Ronnie needs to use git-am so From gets accredited correctly!
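
The free-and-poison idea from the mail above, as an added example that is not code from the mail or from talloc: `free()` stands in for `talloc_free()` (assumption), and the names `free_var`, `poisoned_at_line`, `deref_signal` and `free_and_poison` are hypothetical. It decodes a stale pointer back to the line that freed it and checks that reading through it kills the process, assuming the first page of the address space is unmapped, as on typical Linux systems.

```c
/* Added example: the mail's macro with free() standing in for talloc_free() (assumption). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define free_var(varp) \
do { \
	free(&**(varp)); \
	*(varp) = ((void *)((long)__LINE__ % getpagesize())); \
} while (0)

/* Line number recorded in a poisoned pointer, or 0 for NULL or a real address. */
static long poisoned_at_line(const void *p)
{
	uintptr_t v = (uintptr_t)p;
	return (v != 0 && v < (uintptr_t)getpagesize()) ? (long)v : 0;
}

/* Read through p in a child process; returns the signal that killed it (0 if none). */
static int deref_signal(const char *p)
{
	int status = 0;
	pid_t pid = fork();
	if (pid == 0)
		_exit(*(const volatile char *)p != 0);
	if (pid < 0 || waitpid(pid, &status, 0) != pid)
		return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Free a constructed buffer and return the stale pointer the caller is left with. */
static const char *free_and_poison(long *expected_line)
{
	char *buf = malloc(16);
	if (buf == NULL)
		abort();
	*expected_line = (long)(__LINE__ + 1) % getpagesize();
	free_var(&buf);		/* must stay on the line after the one above */
	return buf;
}

int main(void)
{
	long line;
	const char *stale = free_and_poison(&line);
	printf("freed at line %ld, deref signal %d\n", poisoned_at_line(stale), deref_signal(stale));
	return 0;
}
```

A free on a line number that is an exact multiple of the page size would store 0, which `poisoned_at_line` reports as not poisoned.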