summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-03 06:24:38 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:18 -0500
commit58c326809a816703dc516c3022c9c4dbb9d09445 (patch)
tree3900a7b59edf075e09459e0bf5f85097396bd9aa
parentc9932a3a92dd7b8696e4e145c7d7e2c080b46ffb (diff)
downloadsamba-58c326809a816703dc516c3022c9c4dbb9d09445.tar.gz
samba-58c326809a816703dc516c3022c9c4dbb9d09445.tar.bz2
samba-58c326809a816703dc516c3022c9c4dbb9d09445.zip
r4052: fixed a bunch of code to use the type safe _p allocation macros
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
-rw-r--r--source4/auth/auth.c5
-rw-r--r--source4/client/client.c2
-rw-r--r--source4/client/tree.c2
-rw-r--r--source4/lib/util.c17
-rw-r--r--source4/libads/ldap.c4
-rw-r--r--source4/libcli/ldap/ldap_client.c4
-rw-r--r--source4/libcli/namequery.c11
-rw-r--r--source4/libcli/nmblib.c13
-rw-r--r--source4/librpc/idl/security.idl2
-rw-r--r--source4/librpc/ndr/ndr.c2
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c4
-rw-r--r--source4/ntvfs/common/opendb.c14
-rw-r--r--source4/ntvfs/ntvfs_base.c4
-rw-r--r--source4/param/params.c2
-rw-r--r--source4/rpc_server/dcerpc_server.c4
-rw-r--r--source4/rpc_server/spoolss/dcesrv_spoolss.c6
-rw-r--r--source4/rpc_server/srvsvc/dcesrv_srvsvc.c20
-rw-r--r--source4/torture/locktest.c2
-rw-r--r--source4/torture/locktest2.c2
-rw-r--r--source4/torture/nsstest.c2
-rw-r--r--source4/torture/rpc/lsa.c4
-rw-r--r--source4/torture/rpc/samr.c4
-rw-r--r--source4/torture/torture.c2
23 files changed, 77 insertions, 55 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index 1254e26a73..33f3020382 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -400,7 +400,7 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx,
}
/* the list of currently registered AUTH backends */
-static struct {
+static struct auth_backend {
const struct auth_operations *ops;
} *backends = NULL;
static int num_backends;
@@ -423,7 +423,8 @@ NTSTATUS auth_register(const void *_ops)
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- backends = Realloc(backends, sizeof(backends[0]) * (num_backends+1));
+
+ backends = realloc_p(backends, struct auth_backend, num_backends+1);
if (!backends) {
smb_panic("out of memory in auth_register");
}
diff --git a/source4/client/client.c b/source4/client/client.c
index d9e995f180..6af145c31e 100644
--- a/source4/client/client.c
+++ b/source4/client/client.c
@@ -1449,7 +1449,7 @@ static int file_find(struct file_list **list, const char *directory,
return -1;
}
}
- entry = (struct file_list *) malloc(sizeof (struct file_list));
+ entry = malloc_p(struct file_list);
if (!entry) {
d_printf("Out of memory in file_find\n");
closedir(dir);
diff --git a/source4/client/tree.c b/source4/client/tree.c
index 94fd93c210..9776ce2ef7 100644
--- a/source4/client/tree.c
+++ b/source4/client/tree.c
@@ -129,7 +129,7 @@ char *get_path(GtkWidget *item)
struct tree_data *make_tree_data(guint32 type, const char *name)
{
- struct tree_data *p = (struct tree_data *)malloc(sizeof(struct tree_data));
+ struct tree_data *p = malloc_p(struct tree_data);
if (p) {
diff --git a/source4/lib/util.c b/source4/lib/util.c
index 2351a98eae..2d149e6e3d 100644
--- a/source4/lib/util.c
+++ b/source4/lib/util.c
@@ -796,3 +796,20 @@ BOOL all_zero(const uint8_t *ptr, uint_t size)
}
return True;
}
+
+/*
+ realloc an array, checking for integer overflow in the array size
+*/
+void *realloc_array(void *ptr, size_t el_size, unsigned count)
+{
+#define MAX_MALLOC_SIZE 0x7fffffff
+ if (count == 0 ||
+ count >= MAX_MALLOC_SIZE/el_size) {
+ return NULL;
+ }
+ if (!ptr) {
+ return malloc(el_size * count);
+ }
+ return realloc(ptr, el_size * count);
+}
+
diff --git a/source4/libads/ldap.c b/source4/libads/ldap.c
index 9de73fcd0a..d4b363cae6 100644
--- a/source4/libads/ldap.c
+++ b/source4/libads/ldap.c
@@ -1592,7 +1592,7 @@ char **ads_pull_strings(ADS_STRUCT *ads,
*num_values = ldap_count_values(values);
- ret = talloc(mem_ctx, sizeof(char *) * (*num_values+1));
+ ret = talloc_array_p(mem_ctx, char *, *num_values+1);
if (!ret) {
ldap_value_free(values);
return NULL;
@@ -1839,7 +1839,7 @@ int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
for (i=0; values[i]; i++)
/* nop */ ;
- (*sids) = talloc(mem_ctx, sizeof(DOM_SID) * i);
+ (*sids) = talloc_array_p(mem_ctx, DOM_SID, i);
if (!(*sids)) {
ldap_value_free_len(values);
return 0;
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 7a72734c57..88c84d880b 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -195,7 +195,7 @@ BOOL ldap_send_msg(struct ldap_connection *conn, struct ldap_message *msg,
(msg->type == LDAP_TAG_UnbindRequest))
return True;
- entry = malloc(sizeof(*entry));
+ entry = malloc_p(struct ldap_queue_entry);
if (entry == NULL)
return False;
@@ -243,7 +243,7 @@ static struct ldap_message *recv_from_queue(struct ldap_connection *conn,
static void add_search_entry(struct ldap_connection *conn,
struct ldap_message *msg)
{
- struct ldap_queue_entry *e = malloc(sizeof *e);
+ struct ldap_queue_entry *e = malloc_p(struct ldap_queue_entry);
if (e == NULL)
return;
diff --git a/source4/libcli/namequery.c b/source4/libcli/namequery.c
index 85270c1001..66154ef8f6 100644
--- a/source4/libcli/namequery.c
+++ b/source4/libcli/namequery.c
@@ -63,7 +63,7 @@ static struct node_status *parse_node_status(char *p, int *num_names)
if (*num_names == 0) return NULL;
- ret = (struct node_status *)malloc(sizeof(struct node_status)* (*num_names));
+ ret = malloc_array_p(struct node_status, *num_names);
if (!ret) return NULL;
p++;
@@ -619,7 +619,7 @@ static BOOL resolve_hosts(const char *name,
if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
struct ipv4_addr return_ip;
putip((char *)&return_ip,(char *)hp->h_addr);
- *return_iplist = (struct ipv4_addr *)malloc(sizeof(struct ipv4_addr));
+ *return_iplist = malloc_p(struct ipv4_addr);
if(*return_iplist == NULL) {
DEBUG(3,("resolve_hosts: malloc fail !\n"));
return False;
@@ -657,7 +657,7 @@ static BOOL internal_resolve_name(TALLOC_CTX *mem_ctx, const char *name, int nam
DEBUG(10, ("internal_resolve_name: looking up %s#%x\n", name, name_type));
if (allzeros || allones || is_address) {
- *return_iplist = (struct ipv4_addr *)malloc(sizeof(struct ipv4_addr));
+ *return_iplist = malloc_p(struct ipv4_addr);
if(*return_iplist == NULL) {
DEBUG(3,("internal_resolve_name: malloc fail !\n"));
return False;
@@ -731,8 +731,7 @@ static BOOL internal_resolve_name(TALLOC_CTX *mem_ctx, const char *name, int nam
controllers including the PDC in iplist[1..n]. Iterating over
the iplist when the PDC is down will cause two sets of timeouts. */
- if (*return_count && (nodupes_iplist = (struct ipv4_addr *)
- malloc(sizeof(struct ipv4_addr) * (*return_count)))) {
+ if (*return_count && (nodupes_iplist = malloc_array_p(struct ipv4_addr, *return_count))) {
int nodupes_count = 0;
/* Iterate over return_iplist looking for duplicates */
@@ -1156,7 +1155,7 @@ BOOL get_dc_list(TALLOC_CTX *mem_ctx, const char *domain, struct ipv4_addr **ip_
if ( (num_addresses == 0) && !done_auto_lookup )
return internal_resolve_name(mem_ctx, domain, 0x1C, ip_list, count);
- return_iplist = (struct ipv4_addr *)malloc(num_addresses * sizeof(struct ipv4_addr));
+ return_iplist = malloc_array_p(struct ipv4_addr, num_addresses);
if (return_iplist == NULL) {
DEBUG(3,("get_dc_list: malloc fail !\n"));
diff --git a/source4/libcli/nmblib.c b/source4/libcli/nmblib.c
index 06030f9aca..70c6fab8da 100644
--- a/source4/libcli/nmblib.c
+++ b/source4/libcli/nmblib.c
@@ -548,24 +548,21 @@ static struct packet_struct *copy_nmb_packet(struct packet_struct *packet)
if (nmb->answers)
{
- if((copy_nmb->answers = (struct res_rec *)
- malloc(nmb->header.ancount * sizeof(struct res_rec))) == NULL)
+ if((copy_nmb->answers = malloc_array_p(struct res_rec, nmb->header.ancount)) == NULL)
goto free_and_exit;
memcpy((char *)copy_nmb->answers, (char *)nmb->answers,
nmb->header.ancount * sizeof(struct res_rec));
}
if (nmb->nsrecs)
{
- if((copy_nmb->nsrecs = (struct res_rec *)
- malloc(nmb->header.nscount * sizeof(struct res_rec))) == NULL)
+ if((copy_nmb->nsrecs = malloc_array_p(struct res_rec, nmb->header.nscount)) == NULL)
goto free_and_exit;
memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs,
nmb->header.nscount * sizeof(struct res_rec));
}
if (nmb->additional)
{
- if((copy_nmb->additional = (struct res_rec *)
- malloc(nmb->header.arcount * sizeof(struct res_rec))) == NULL)
+ if((copy_nmb->additional = malloc_array_p(struct res_rec, nmb->header.arcount)) == NULL)
goto free_and_exit;
memcpy((char *)copy_nmb->additional, (char *)nmb->additional,
nmb->header.arcount * sizeof(struct res_rec));
@@ -591,7 +588,7 @@ static struct packet_struct *copy_dgram_packet(struct packet_struct *packet)
{
struct packet_struct *pkt_copy;
- if(( pkt_copy = (struct packet_struct *)malloc(sizeof(*packet))) == NULL)
+ if(( pkt_copy = malloc_p(struct packet_struct)) == NULL)
{
DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
return NULL;
@@ -663,7 +660,7 @@ struct packet_struct *parse_packet(char *buf,int length,
struct packet_struct *p;
BOOL ok=False;
- p = (struct packet_struct *)malloc(sizeof(*p));
+ p = malloc_p(struct packet_struct);
if (!p) return(NULL);
p->next = NULL;
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 1ef1783073..90ae3d3028 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -184,7 +184,7 @@ interface security
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
- uint32 num_aces;
+ [range(0,1000)] uint32 num_aces;
security_ace aces[num_aces];
} security_acl;
diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 71019030ac..857e171224 100644
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -125,7 +125,7 @@ struct ndr_push *ndr_push_init_ctx(TALLOC_CTX *mem_ctx)
{
struct ndr_push *ndr;
- ndr = talloc(mem_ctx, sizeof(*ndr));
+ ndr = talloc_p(mem_ctx, struct ndr_push);
if (!ndr) {
return NULL;
}
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 7e581992fa..844746e322 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -70,7 +70,7 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut
}
}
- p->security_state.auth_info = talloc(p, sizeof(*p->security_state.auth_info));
+ p->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
if (!p->security_state.auth_info) {
status = NT_STATUS_NO_MEMORY;
goto done;
@@ -150,7 +150,7 @@ NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut
}
}
- p->security_state.auth_info = talloc(p, sizeof(*p->security_state.auth_info));
+ p->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
if (!p->security_state.auth_info) {
status = NT_STATUS_NO_MEMORY;
goto done;
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
index 8947a5d255..57beba8c68 100644
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -222,7 +222,6 @@ NTSTATUS odb_open_file(struct odb_lock *lck, void *file_handle,
struct odb_context *odb = lck->odb;
TDB_DATA dbuf;
struct odb_entry e;
- char *tp;
int i, count;
struct odb_entry *elist;
@@ -249,13 +248,13 @@ NTSTATUS odb_open_file(struct odb_lock *lck, void *file_handle,
}
}
- tp = Realloc(dbuf.dptr, (count+1) * sizeof(struct odb_entry));
- if (tp == NULL) {
+ elist = realloc_p(dbuf.dptr, struct odb_entry, count+1);
+ if (elist == NULL) {
if (dbuf.dptr) free(dbuf.dptr);
return NT_STATUS_NO_MEMORY;
}
- dbuf.dptr = tp;
+ dbuf.dptr = (char *)elist;
dbuf.dsize = (count+1) * sizeof(struct odb_entry);
memcpy(dbuf.dptr + (count*sizeof(struct odb_entry)),
@@ -279,7 +278,6 @@ NTSTATUS odb_open_file_pending(struct odb_lock *lck, void *private)
struct odb_context *odb = lck->odb;
TDB_DATA dbuf;
struct odb_entry e;
- char *tp;
struct odb_entry *elist;
int count;
@@ -299,13 +297,13 @@ NTSTATUS odb_open_file_pending(struct odb_lock *lck, void *private)
elist = (struct odb_entry *)dbuf.dptr;
count = dbuf.dsize / sizeof(struct odb_entry);
- tp = Realloc(dbuf.dptr, (count+1) * sizeof(struct odb_entry));
- if (tp == NULL) {
+ elist = realloc_p(dbuf.dptr, struct odb_entry, count+1);
+ if (elist == NULL) {
if (dbuf.dptr) free(dbuf.dptr);
return NT_STATUS_NO_MEMORY;
}
- dbuf.dptr = tp;
+ dbuf.dptr = (char *)elist;
dbuf.dsize = (count+1) * sizeof(struct odb_entry);
memcpy(dbuf.dptr + (count*sizeof(struct odb_entry)),
diff --git a/source4/ntvfs/ntvfs_base.c b/source4/ntvfs/ntvfs_base.c
index 136ef14e4c..ca6fbf0de8 100644
--- a/source4/ntvfs/ntvfs_base.c
+++ b/source4/ntvfs/ntvfs_base.c
@@ -32,7 +32,7 @@
/* the list of currently registered NTVFS backends, note that there
* can be more than one backend with the same name, as long as they
* have different typesx */
-static struct {
+static struct ntvfs_backend {
const struct ntvfs_ops *ops;
} *backends = NULL;
static int num_backends;
@@ -57,7 +57,7 @@ NTSTATUS ntvfs_register(const void *_ops)
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- backends = Realloc(backends, sizeof(backends[0]) * (num_backends+1));
+ backends = realloc_p(backends, struct ntvfs_backend, num_backends+1);
if (!backends) {
smb_panic("out of memory in ntvfs_register");
}
diff --git a/source4/param/params.c b/source4/param/params.c
index 2a0cd13682..a31d8d1b60 100644
--- a/source4/param/params.c
+++ b/source4/param/params.c
@@ -522,7 +522,7 @@ static myFILE *OpenConfFile( const char *FileName )
int lvl = in_client?1:0;
myFILE *ret;
- ret = (myFILE *)malloc(sizeof(*ret));
+ ret = malloc_p(myFILE);
if (!ret) return NULL;
ret->buf = file_load(FileName, &ret->size);
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 3d34a7e1c0..d11d5dddd8 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -1086,7 +1086,7 @@ static void dcesrv_exit(struct server_service *service, const char *reason)
/* the list of currently registered DCERPC endpoint servers.
*/
-static struct {
+static struct ep_server {
struct dcesrv_endpoint_server *ep_server;
} *ep_servers = NULL;
static int num_ep_servers;
@@ -1110,7 +1110,7 @@ NTSTATUS dcerpc_register_ep_server(const void *_ep_server)
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- ep_servers = Realloc(ep_servers, sizeof(ep_servers[0]) * (num_ep_servers+1));
+ ep_servers = realloc_p(ep_servers, struct ep_server, num_ep_servers+1);
if (!ep_servers) {
smb_panic("out of memory in dcerpc_register");
}
diff --git a/source4/rpc_server/spoolss/dcesrv_spoolss.c b/source4/rpc_server/spoolss/dcesrv_spoolss.c
index 028471a715..17c23dcba8 100644
--- a/source4/rpc_server/spoolss/dcesrv_spoolss.c
+++ b/source4/rpc_server/spoolss/dcesrv_spoolss.c
@@ -33,7 +33,7 @@ static WERROR spoolss_EnumPrinters1(TALLOC_CTX *mem_ctx,
struct spoolss_PrinterInfo1 *info;
int i;
- info = talloc(mem_ctx, num_msgs * sizeof(struct spoolss_PrinterInfo1));
+ info = talloc_array_p(mem_ctx, struct spoolss_PrinterInfo1, num_msgs);
if (!info)
return WERR_NOMEM;
@@ -59,7 +59,7 @@ static WERROR spoolss_EnumPrinters2(TALLOC_CTX *mem_ctx,
struct spoolss_PrinterInfo2 *info;
int i;
- info = talloc(mem_ctx, num_msgs * sizeof(struct spoolss_PrinterInfo1));
+ info = talloc_array_p(mem_ctx, struct spoolss_PrinterInfo2, num_msgs);
if (!info)
return WERR_NOMEM;
@@ -102,7 +102,7 @@ static WERROR spoolss_EnumPrinters5(TALLOC_CTX *mem_ctx,
struct spoolss_PrinterInfo5 *info;
int i;
- info = talloc(mem_ctx, num_msgs * sizeof(struct spoolss_PrinterInfo1));
+ info = talloc_array_p(mem_ctx, struct spoolss_PrinterInfo5, num_msgs);
if (!info)
return WERR_NOMEM;
diff --git a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
index d5ecd84f1a..0679ac6e42 100644
--- a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
+++ b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
@@ -904,7 +904,9 @@ static WERROR srvsvc_NetShareEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX
if (r->out.ctr.ctr0->count == 0) break;
- r->out.ctr.ctr0->array = talloc(mem_ctx, r->out.ctr.ctr0->count*sizeof(struct srvsvc_NetShareInfo0));
+ r->out.ctr.ctr0->array = talloc_array_p(mem_ctx,
+ struct srvsvc_NetShareInfo0,
+ r->out.ctr.ctr0->count);
WERR_TALLOC_CHECK(r->out.ctr.ctr0->array);
for (i=0;i<r->out.ctr.ctr0->count;i++) {
@@ -926,7 +928,9 @@ static WERROR srvsvc_NetShareEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX
if (r->out.ctr.ctr1->count == 0) break;
- r->out.ctr.ctr1->array = talloc(mem_ctx, r->out.ctr.ctr1->count*sizeof(struct srvsvc_NetShareInfo1));
+ r->out.ctr.ctr1->array = talloc_array_p(mem_ctx,
+ struct srvsvc_NetShareInfo1,
+ r->out.ctr.ctr1->count);
WERR_TALLOC_CHECK(r->out.ctr.ctr1->array);
for (i=0;i<r->out.ctr.ctr1->count;i++) {
@@ -949,7 +953,9 @@ static WERROR srvsvc_NetShareEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX
if (r->out.ctr.ctr2->count == 0) break;
- r->out.ctr.ctr2->array = talloc(mem_ctx, r->out.ctr.ctr2->count*sizeof(struct srvsvc_NetShareInfo2));
+ r->out.ctr.ctr2->array = talloc_array_p(mem_ctx,
+ struct srvsvc_NetShareInfo2,
+ r->out.ctr.ctr2->count);
WERR_TALLOC_CHECK(r->out.ctr.ctr2->array);
for (i=0;i<r->out.ctr.ctr2->count;i++) {
@@ -977,7 +983,9 @@ static WERROR srvsvc_NetShareEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX
if (r->out.ctr.ctr501->count == 0) break;
- r->out.ctr.ctr501->array = talloc(mem_ctx, r->out.ctr.ctr501->count*sizeof(struct srvsvc_NetShareInfo501));
+ r->out.ctr.ctr501->array = talloc_array_p(mem_ctx,
+ struct srvsvc_NetShareInfo501,
+ r->out.ctr.ctr501->count);
WERR_TALLOC_CHECK(r->out.ctr.ctr501->array);
for (i=0;i<r->out.ctr.ctr501->count;i++) {
@@ -1001,7 +1009,9 @@ static WERROR srvsvc_NetShareEnum(struct dcesrv_call_state *dce_call, TALLOC_CTX
if (r->out.ctr.ctr502->count == 0) break;
- r->out.ctr.ctr502->array = talloc(mem_ctx, r->out.ctr.ctr502->count*sizeof(struct srvsvc_NetShareInfo502));
+ r->out.ctr.ctr502->array = talloc_array_p(mem_ctx,
+ struct srvsvc_NetShareInfo502,
+ r->out.ctr.ctr502->count);
WERR_TALLOC_CHECK(r->out.ctr.ctr502->array);
for (i=0;i<r->out.ctr.ctr502->count;i++) {
diff --git a/source4/torture/locktest.c b/source4/torture/locktest.c
index d25625df1e..9c7c363259 100644
--- a/source4/torture/locktest.c
+++ b/source4/torture/locktest.c
@@ -317,7 +317,7 @@ static void test_locks(char *share[NSERVERS])
ZERO_STRUCT(fnum);
ZERO_STRUCT(cli);
- recorded = (struct record *)malloc(sizeof(*recorded) * numops);
+ recorded = malloc_array_p(struct record, numops);
for (n=0; n<numops; n++) {
#if PRESETS
diff --git a/source4/torture/locktest2.c b/source4/torture/locktest2.c
index 7d729ca941..46254ad5e3 100644
--- a/source4/torture/locktest2.c
+++ b/source4/torture/locktest2.c
@@ -359,7 +359,7 @@ static void test_locks(char *share1, char *share2, char *nfspath1, char *nfspath
ZERO_STRUCT(fnum);
ZERO_STRUCT(cli);
- recorded = (struct record *)malloc(sizeof(*recorded) * numops);
+ recorded = malloc_array_p(struct record, numops);
for (n=0; n<numops; n++) {
recorded[n].conn = random() % NCONNECTIONS;
diff --git a/source4/torture/nsstest.c b/source4/torture/nsstest.c
index a82fa05203..376edada56 100644
--- a/source4/torture/nsstest.c
+++ b/source4/torture/nsstest.c
@@ -292,7 +292,7 @@ static void nss_test_initgroups(char *name, gid_t gid)
int i;
NSS_STATUS status;
- groups = (gid_t *)malloc(size * sizeof(gid_t));
+ groups = (gid_t *)malloc_array_p(gid_t, size);
groups[0] = gid;
status = nss_initgroups(name, gid, &groups, &start, &size);
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 83fb02f9d3..f816b5dc1a 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -118,7 +118,7 @@ static BOOL test_LookupNames(struct dcerpc_pipe *p,
sids.count = 0;
sids.sids = NULL;
- names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
+ names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
for (i=0;i<tnames->count;i++) {
init_lsa_String(&names[i], tnames->names[i].name.string);
}
@@ -160,7 +160,7 @@ static BOOL test_LookupNames2(struct dcerpc_pipe *p,
sids.count = 0;
sids.sids = NULL;
- names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
+ names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
for (i=0;i<tnames->count;i++) {
init_lsa_String(&names[i], tnames->names[i].name.string);
}
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 0fa1bccace..c7456e2fda 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -2136,7 +2136,7 @@ static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("Testing LookupNames\n");
n.in.domain_handle = handle;
n.in.num_names = r.out.sam->count;
- n.in.names = talloc(mem_ctx, r.out.sam->count * sizeof(struct samr_String));
+ n.in.names = talloc_array_p(mem_ctx, struct samr_String, r.out.sam->count);
for (i=0;i<r.out.sam->count;i++) {
n.in.names[i] = r.out.sam->entries[i].name;
}
@@ -2150,7 +2150,7 @@ static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
printf("Testing LookupRids\n");
lr.in.domain_handle = handle;
lr.in.num_rids = r.out.sam->count;
- lr.in.rids = talloc(mem_ctx, r.out.sam->count * sizeof(uint32_t));
+ lr.in.rids = talloc_array_p(mem_ctx, uint32_t, r.out.sam->count);
for (i=0;i<r.out.sam->count;i++) {
lr.in.rids[i] = r.out.sam->entries[i].idx;
}
diff --git a/source4/torture/torture.c b/source4/torture/torture.c
index f5b45021c5..af5c9a2f8e 100644
--- a/source4/torture/torture.c
+++ b/source4/torture/torture.c
@@ -1422,7 +1422,7 @@ static BOOL run_pipe_number(void)
printf("Opening %d connections\n", torture_numops);
- cli = malloc(sizeof(struct smbcli_state *) * torture_numops);
+ cli = malloc_array_p(struct smbcli_state *, torture_numops);
for (i=0;i<torture_numops;i++) {
if (!torture_open_connection(&cli[i])) {