Use after talloc_free...

Rusty Russell rusty at rustcorp.com.au
Wed Nov 11 18:35:19 MST 2009


On Wed, 11 Nov 2009 10:18:34 pm Kai Blin wrote:
> On Wednesday 11 November 2009 12:37:07 Volker Lendecke wrote:
> > On Wed, Nov 11, 2009 at 12:33:29PM +0100, Kai Blin wrote:
> > > TALLOC_FREE is used in the shared code already. Why come up with yet
> > > another way to do it(tm)? Personally I think coding on Samba is
> > > complicated enough already.
> >
> > Because Rusty hates SHOUTING? :-)
> 
> Attached patch would fix that, I guess?

Well, that would break valid uses of talloc_free (non-lvalues).[1]

To be clear: I *don't* want magic NULL-ing. If you want to NULL a pointer
because you're going to re-use it, I'd much rather that be explicit.  I want
an instant way to detect use-after-free, whether it be double-free or other
cases where NULL would be treated as special and mask the bug.

I also don't want the non-C-like arg-modifying behavior of TALLOC_FREE
(which is why it has to be upper case).  Hence I prefer a version which
takes &ptr, making it clear that it will modify ptr.

Basically, I think this mechanism is worthwhile becoming a 1st class
talloc citizen, so we should design it carefully.

Thanks,
Rusty.
[1] If I could get gcc to mangle the pointer iff it was an lvalue, I'd
    be tempted to do this trick.  But I can't think of a way...
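As an added example (not code from this thread, from talloc or from Samba), the two "free and clobber the pointer" styles under discussion side by side: a TALLOC_FREE-style free that NULLs the variable and so masks a second free, and the &ptr-taking, pointer-mangling free Rusty describes, which catches it. Plain malloc/free stand in for a talloc context, and the poison address is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>

/* Added illustration (not talloc or Samba code): malloc/free stand in for a
 * talloc context, and the two "free and clobber the pointer" styles from the
 * thread are compared on a deliberate double free. */

/* Non-NULL, deliberately invalid address written into a freed pointer.
 * Assumption: nothing is mapped there, so a later dereference faults at once
 * instead of taking the "NULL means no object" path that hides the bug. */
#define FREED_POISON ((void *)(uintptr_t)0xdeadbeefUL)

/* TALLOC_FREE style: free, then NULL the caller's variable.  The second call
 * on the same variable sees NULL, treats it as "nothing to do" and returns
 * without complaint, so the double free is masked.  Returns 1 if something
 * was freed, 0 if the call was skipped. */
static int free_and_null(void **pp)
{
    if (*pp == NULL)
        return 0;
    free(*pp);
    *pp = NULL;
    return 1;
}

/* The shape Rusty prefers: the function takes &ptr, so the modification is
 * visible at the call site and ptr has to be an lvalue.  It writes poison
 * rather than NULL: a second free is detected here, and any later use of ptr
 * faults instead of being silently skipped.  Returns 1 on success, -1 if
 * the pointer had already been freed. */
static int free_and_poison(void **pp)
{
    if (*pp == FREED_POISON)
        return -1;
    free(*pp);
    *pp = FREED_POISON;
    return 1;
}

/* Free one buffer twice with the chosen style and report what the second
 * call returned: 0 means the bug was masked, -1 means it was caught. */
static int double_free_result(int use_poison)
{
    void *buf = malloc(16);
    int (*release)(void **) = use_poison ? free_and_poison : free_and_null;
    release(&buf);             /* correct first free */
    return release(&buf);      /* buggy second free */
}
```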