Fixes to LDB memory handling

Matthias Dieter Wallnöfer mdw at samba.org
Fri Dec 17 06:35:39 MST 2010


Hi Simo,

I agree that this change was made a bit inconsiderately. I'm wondering 
only about the fact why it has been undiscovered for such a long time 
("make test" obviously never broke).

Cheers,
Matthias

simo wrote:
> The handling of frees in that part of the code was done very carefully.
> Randomly freeing stuff in there is certainly going to cause issues, with
> code going to access freed memory.
> In general the code there relies on the fact that all responses are
> ultimately child memory of the original request, so there should never
> be a memory leak, at most freeing data is deferred to later when the
> request is completed.
>
> The free introduced by Matthias is almost certainly wrong.
> The msg is stolen on the response structure and passed to the callbacks,
> at that point we have no idea what happens to it and no right to free
> it.
> A callback may have stolen it to save it for future use or whatever
> else. The fact we return an error has no bearing on what is the destiny
> of that piece of memory. Worst case it is attached to the request and
> will be freed soon enough anyway.
>
> Matthias,
> please run this kind of changes to the core ldb code through me or
> Tridge before pushing.
>
> Andrew, the free you introduced is fine. A callback can do whatever it
> wants with a response structure including leaving it alone, it will be
> eventually freed when the request is terminated. Of course freeing it
> earlier is fine too.
>
> Simo.
>
>    


