s4:torture:smb2: fix a nasty double free error.
Andrew Bartlett
abartlet at samba.org
Thu Oct 27 22:44:32 MDT 2011
On Fri, 2011-10-28 at 02:38 +0200, Michael Adam wrote:
> --- a/source4/torture/smb2/smb2.c
> +++ b/source4/torture/smb2/smb2.c
> @@ -30,17 +30,25 @@ static bool wrap_simple_1smb2_test(struct
> torture_context *torture_ctx,
> {
> bool (*fn) (struct torture_context *, struct smb2_tree *);
> bool ret;
> -
> struct smb2_tree *tree1;
> + TALLOC_CTX *mem_ctx = talloc_new(torture_ctx);
>
> if (!torture_smb2_connection(torture_ctx, &tree1))
> return false;
>
> + /*
> + * This is a trick:
> + * The test might close the connection. If we steal the tree
> context
> + * before that and free the parent instead of tree directly,
> we avoid
> + * a double free error.
> + */
> + talloc_steal(mem_ctx, tree1);
> +
> fn = test->fn;
>
> ret = fn(torture_ctx, tree1);
>
> - talloc_free(tree1);
> + talloc_free(mem_ctx);
>
> return ret;
> }
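Review bot: mem_ctx is allocated at the top of wrap_simple_1smb2_test(), but the early "return false" taken when torture_smb2_connection() fails never frees it, so it stays attached to torture_ctx until that context is destroyed. Either create mem_ctx after the connection succeeds, or call talloc_free(mem_ctx) before that return. The result of talloc_new() is also unchecked: if it returns NULL, talloc_steal(mem_ctx, tree1) moves tree1 to the NULL context and the final talloc_free(mem_ctx) no longer releases it, so a NULL check with an early failure return belongs right after the connection check.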
The other way to do this would be to initialise tree1 to:
talloc_unlink(torture_ctx, tree1)
That way, we only unlink tree1 that is a child of torture_ctx. This is
essentially what your patch does, as internally talloc always calls
talloc_unlink(parent, child).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org