Use after talloc_free...

Rusty Russell rusty at
Wed Nov 11 18:35:19 MST 2009

On Wed, 11 Nov 2009 10:18:34 pm Kai Blin wrote:
> On Wednesday 11 November 2009 12:37:07 Volker Lendecke wrote:
> > On Wed, Nov 11, 2009 at 12:33:29PM +0100, Kai Blin wrote:
> > > TALLOC_FREE is used in the shared code already. Why come up with yet
> > > another way to do it(tm)? Personally I think coding on Samba is
> > > complicated enough already.
> >
> > Because Rusty hates SHOUTING? :-)
> Attached patch would fix that, I guess?

Well, that would break valid uses of talloc_free (non-lvalues).[1]

To be clear: I *don't* want magic NULL-ing. If you want to NULL a pointer
because you're going to re-use it, I'd much rather that be explicit.  I want
an instant way to detect use-after-free, whether it be double-free or other
cases where NULL would be treated as special and mask the bug.

I also don't want the non-C-like arg-modifying behavior of TALLOC_FREE
(which is why it has to be upper case).  Hence I prefer a version which
takes &ptr, making it clear that it will modify ptr.

Basically, I think this mechanism is worthwhile becoming a 1st class
talloc citizen, so we should design it carefully.

[1] If I could get gcc to mangle the pointer iff it was an lvalue, I'd
    be tempted to do this trick.  But I can't think of a way...

More information about the samba-technical mailing list