RHEL6 init.d script (was Re: Initscript Debian Wheezy)
Jeremy Allison
jra at samba.org
Tue Sep 11 17:05:56 MDT 2012
On Wed, Sep 12, 2012 at 12:09:36AM +0200, Stefan (metze) Metzmacher wrote:
>
> It might not happen, but it's at least very confusing
> and might cause problems in future.
Ok, *now* you're making sense :-). Thanks for admitting
the real problem :-).
> After the destructor returns (*pp_state)->pp_self_ref points
> to invalid memory currently.
But the destructor only fires in one of 2 cases.
1).
/* we want to keep the session */
TALLOC_FREE(state->pp_self_ref);
tevent_req_nterror(req, status);
return;
The tevent_req_nterror will free the req and then
also the state.
2).
Shutdown where state->session is being
freed outside of the sessionsetup being
shut down. As the state destructor only
ever calls TALLOC_FREE(state->session)
and the pp_self_ref_destructor has set
(*pp_state)->session = NULL; if the
in-flight session was freed first, then
it doesn't matter (*pp_state)->pp_self_ref
is pointing to freed memory, no one is
ever going to touch it again.
So the current code is completely safe
as written.
But I'll add nulling out (*pp_state)->pp_self_ref
in the destructor to make it explicit no one
is going to access this again.
Jeremy
More information about the samba-technical
mailing list