[PATCH] s3: Call va_end() after all va_start()/va_copy() calls.

Andrew Kroeger andrew at id10ts.net
Fri Jun 12 08:14:41 GMT 2009


All:

Please find attached a patch that ensures that va_end() is properly 
called for cleanup after calls to va_start() or va_end().

Sincerely,
Andrew Kroeger
-------------- next part --------------
From 43cd1c73410cb692d275d03c13aa9c5c80ba7527 Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew at id10ts.net>
Date: Thu, 11 Jun 2009 02:15:28 -0500
Subject: [PATCH] s3: Call va_end() after all va_start()/va_copy() calls.

There are error paths in S3 where va_end() is not properly called after
va_start() or va_copy() have been called.

These issues were noted while performing an inspection for S4 bug #6129.  Thanks
to Erik Hovland <erik at hovland.org> for the original bug report.
---
 source3/lib/ldb/common/ldb_dn.c           |    2 +-
 source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c |    1 +
 source3/lib/util.c                        |    2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/lib/ldb/common/ldb_dn.c b/source3/lib/ldb/common/ldb_dn.c
index 09d5855..fb7f3e9 100644
--- a/source3/lib/ldb/common/ldb_dn.c
+++ b/source3/lib/ldb/common/ldb_dn.c
@@ -362,9 +362,9 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char
 
 	va_start(ap, new_fmt);
 	strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
+	va_end(ap);
 	if (strdn == NULL)
 		return NULL;
-	va_end(ap);
 
 	dn = ldb_dn_explode(mem_ctx, strdn);
 
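Review bot: In ldb_dn_new_fmt(), the early return under `if (strdn == NULL)` is still an unbraced single statement, which is the shape that let the old `va_end(ap)` sit below a `return NULL;` unnoticed; consider adding braces while these lines are being touched. Calling `va_end(ap)` directly after `talloc_vasprintf()` is the right placement, since `ap` is not used again in the visible context.
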
diff --git a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
index cb516b6..d8fc162 100644
--- a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+++ b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
@@ -534,6 +534,7 @@ query_int(const struct lsqlite3_private * lsqlite3,
         
         /* Format the query */
         if ((p = sqlite3_vmprintf(pSql, args)) == NULL) {
+		va_end(args);
                 return SQLITE_NOMEM;
         }
         
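Review bot: The added `va_end(args);` in query_int() is indented with tabs while the surrounding lines in this hunk use spaces, so it should be re-indented to match the file. It also handles only the `SQLITE_NOMEM` branch by adding a second call site; the other two hunks in this patch call va_end() immediately after the v*printf-style call and before the error check, and doing the same after `sqlite3_vmprintf(pSql, args)` would cover both paths with one call. The success-path va_end() is not visible in this hunk, so please confirm it exists and would not be duplicated.
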
diff --git a/source3/lib/util.c b/source3/lib/util.c
index b85f29e..c0bb042 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2113,10 +2113,10 @@ void *smb_xmalloc_array(size_t size, unsigned int count)
 	va_copy(ap2, ap);
 
 	n = vasprintf(ptr, format, ap2);
+	va_end(ap2);
 	if (n == -1 || ! *ptr) {
 		smb_panic("smb_xvasprintf: out of memory");
 	}
-	va_end(ap2);
 	return n;
 }
 
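Review bot: In the util.c hunk, the only path that skipped `va_end(ap2)` before this change is the one that calls `smb_panic("smb_xvasprintf: out of memory")`, and the commit message does not say whether that call can return. If it cannot, this move is a consistency cleanup rather than a fix for a reachable missed cleanup, and the message should say so. The placement itself, right after `vasprintf(ptr, format, ap2)` and before the `n == -1 || ! *ptr` check, matches the ldb_dn.c hunk and is fine.
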
-- 
1.6.0.6


