[PATCH 1/2] lib/ldb Remove talloc_free() that causes double-free in callbacks.

Andrew Bartlett abartlet at samba.org
Thu Dec 16 04:28:45 MST 2010

This partially reverts 0941099a, which was a little over-eager in
fixing what were presumed to be memory leaks.

It is always the callbacks responsiblity to free the ares, but if they
don't then the end of the request should handle the cleanup.
Attempting to talloc_free() here will result (as it did in the
descriptor module) in a double-free error if the callback does free
it, and no other caller of ldb_module_send_entry() has this behaviour.

Andrew Bartlett
 source4/lib/ldb/ldb_tdb/ldb_index.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c
index 71cffb9..02e4acb 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_index.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_index.c
@@ -966,7 +966,9 @@ static int ltdb_index_filter(const struct dn_list *dn_list,
 		ret = ldb_module_send_entry(ac->req, msg, NULL);
 		if (ret != LDB_SUCCESS) {
-			talloc_free(msg);
+			/* Regardless of success or failure, the msg
+			 * is the callbacks responsiblity, and should
+			 * not be talloc_free()'ed */
 			ac->request_terminated = true;
 			return ret;


More information about the samba-technical mailing list