s4:torture:smb2: fix a nasty double free error.
Andrew Bartlett
abartlet at samba.org
Fri Oct 28 00:45:57 MDT 2011
On Fri, 2011-10-28 at 08:40 +0200, Stefan (metze) Metzmacher wrote:
> Am 28.10.2011 06:44, schrieb Andrew Bartlett:
> > The other way to do this would be to initialise tree1 to:
> >
> > talloc_unlink(torture_ctx, tree1)
> >
> > That way, we only unlink tree1 that is a child of torture_ctx. This is
> > essentially what your patch does, as internally talloc always calls
> > talloc_unlink(parent, child).
>
> I don't understand that, if tree1 points to invalid memory,
> we would still have problem. And with the parent free we can avoid the
> impact
> of talloc_reference(), also this code can't assume torture_ctx is the direct
> parent of tree1.
Indeed. Entirely correct.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list