BUG: talloc reads freed memory.

tridge at samba.org tridge at samba.org
Tue Dec 21 21:36:24 MST 2010

Hi Rusty,

Thanks for finding this!

 > Now, simply clearing tc->prev (and tc->next) just breaks this reparenting
 > logic.  Getting the parent earlier in case the destructor fails is
 > O(siblings) and we'd be better off just keeping all the parent pointers
 > uptodate (ie. make talloc_steal() O(siblings)).

yep, I agree. We've discussed previously changing talloc to always
keep tc->parent valid, and now we have a really good reason to do
it. I've currently testing a patch that does this. It passes valgrind
tests so far.

Cheers, Tridge

More information about the samba-technical mailing list