[PATCH] Do not leave random talloc magic in free()'ed memory, fix abort message
Andrew Bartlett
abartlet at samba.org
Sat Jan 13 06:04:06 UTC 2018
On Fri, 2018-01-12 at 15:02 -0800, Jeremy Allison via samba-technical
wrote:
> On Sat, Jan 13, 2018 at 12:00:19AM +0100, David Disseldorp via samba-technical wrote:
> > On Fri, 12 Jan 2018 13:48:15 +1300, Andrew Bartlett via samba-technical wrote:
> >
> > > + talloc_log("talloc: access after free error - first free may be at %s\n", tc->name);
> >
> > If the talloc_chunk is potentially invalid here, then I'd prefer to
> > avoid logging any strings off it. Should we make this a "...%p\n", tc)
> > instead, or am I being overly paranoid?
>
> One can never be too paranoid with these things. Yep, I missed
> that in the review. +1 for this change :-).
To be clear, this is not a change (except when it wasn't working), this
has been the behaviour of talloc since inception.
The location of the previous free() has been invaluable for debugging
in the past, I would not like this to be lost so quickly.
While it is 'invalid', it must have been a talloc object, it has
exactly the right magic for a past talloc object. We are also just
about to abort(), so a sigsegv is no real worry.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list