RHEL6 init.d script (was Re: Initscript Debian Wheezy)
Stefan (metze) Metzmacher
metze at samba.org
Tue Sep 11 16:09:36 MDT 2012
Am 11.09.2012 23:51, schrieb Jeremy Allison:
> On Tue, Sep 11, 2012 at 11:43:14PM +0200, Stefan (metze) Metzmacher wrote:
>>
>> I think we never set state->pp_self_ref to NULL
>> but still call TALLOC_FREE(state->pp_self_ref);
>> in some error cases.
>
> I just did a git grep and searched for all
> uses of 'TALLOC_FREE(state->pp_self_ref);'
>
> In *every* case this is only called after
> the comment:
>
> /* we want to keep the session */
>
> So we only ever see it used in the code path:
>
> /* we want to keep the session */
> TALLOC_FREE(state->pp_self_ref);
> tevent_req_done(req);
> return;
>
> Check it out. It's never called in any error case - by
> design (as I recall when I wrote this code :-).
>
>> Which might trigger a double free.
>> so when we set (*pp_state)->session = NULL,
>> we should also sete (*pp_state)->pp_self_ref = NULL.
>> Otherwise we still leave an invalid pointer.
>
> Nope, still don't see it.
It might not happen, but it's at least very confusing
and might cause problems in future.
After the destructor returns (*pp_state)->pp_self_ref points
to invalid memory currently.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120912/3f165aa6/attachment.pgp>
More information about the samba-technical
mailing list