Tests for Andrew's talloc security work
Jeremy Allison
jra at samba.org
Fri Sep 4 18:18:09 UTC 2015
On Fri, Sep 04, 2015 at 04:03:51PM +1200, Adrian Cochrane wrote:
> +static unsigned int talloc_magic = (
The above is my big problem with this.
It introduces a global static variable
to libtalloc, which causes problems
with threaded programs using talloc.
Currently talloc can be used safely
with threads if you call talloc_disable_null_tracking()
from the main thread before creating
any others, and ensure each thread
only accesses a context created off
the toplevel (NULL) context and
doesn't touch any other context.
Adding the above global static
breaks that - so it's an ABI
breakage IMHO.
Now in common use this variable
is only read, not written, and
only initialized once in a constructor
attribute when the library is loaded,
so this may mitigate the problem.
But I'd need to check by running
existing talloc + threaded programs under
valgrind helgrind and drd to ensure
we don't get any error messages before
I can be convinced this is safe.
So NAK for now I'm afraid.
Jeremy.