Another malloc without NULL check
Tim Potter
tpot at valinux.com
Mon Aug 6 02:20:50 GMT 2001
Claudia Moroder writes:
> Hello,
>
> i found two problems with malloc/free
>
> 1. cli_spoolss.c
>
> decode_printer_info_0
>
> inf = malloc(...)
>
> and inf is used without a NULL check.
> It is also strange that all other allocations in this files are made through
> talloc.
Fixed. Thanks for spotting that!
> 2. in clientgen.c
>
> I don't remember the exact position, because now I am in windows , but ..
>
> cli is allocatd with malloc
> few lines later the buffers are allocated with malloc and are tested.
> If one of the buffer allocations fails the function return NULL without
> freeing the first buffer ( if the second failed ) and without releasing cli.
It wouldn't be this would it?
if (!cli->outbuf || !cli->inbuf)
{
return NULL;
}
The correct code should probably be
if (!cli->outbuf)
return NULL;
if (!cli->inbuf) {
free(cli->inbuf);
return NULL;
}
Tim.
More information about the samba-technical
mailing list