diff options
| author | Andrew Tridgell <tridge@samba.org> | 2011-09-01 14:28:10 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2011-09-01 08:54:23 +0200 |
| commit | ccaab14ac423025d1c3188c429832533f19479f1 (patch) | |
| tree | df4501e21853d10ff4f18d06562f8f4ce988a011 /lib | |
| parent | 8d9665d5d15954cd36d1c385384520ce15ab4857 (diff) | |
| download | samba-ccaab14ac423025d1c3188c429832533f19479f1.tar.gz samba-ccaab14ac423025d1c3188c429832533f19479f1.tar.bz2 samba-ccaab14ac423025d1c3188c429832533f19479f1.zip | |
ldb: make the 'spy' code more paranoid
the spy code in ldb_tdb was added a while ago to overcome a memory
hierarchy problem with async ldb errors. Recently we started to get
valgrind errors related to the order of free in the spy code. This
patch ensures that we don't try to use a freed spy pointer. This
prevents the valgrind errors, although I suspect that the memory
hierarchy we have here is more complex than it needs to be
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 1 08:54:23 CEST 2011 on sn-devel-104
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ldb/ldb_tdb/ldb_tdb.c | 14 | ||||
| -rw-r--r-- | lib/ldb/ldb_tdb/ldb_tdb.h | 8 |
2 files changed, 12 insertions, 10 deletions
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c index f07a9d2ae7..3630a18594 100644 --- a/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/lib/ldb/ldb_tdb/ldb_tdb.c @@ -52,6 +52,12 @@ #include "ldb_tdb.h" #include <lib/tdb_compat/tdb_compat.h> +/* + prevent memory errors on callbacks +*/ +struct ltdb_req_spy { + struct ltdb_context *ctx; +}; /* map a tdb error code to a ldb error code @@ -1221,9 +1227,10 @@ static void ltdb_timeout(struct tevent_context *ev, ltdb_request_done(ctx, LDB_ERR_TIME_LIMIT_EXCEEDED); } - if (!ctx->request_terminated) { + if (ctx->spy) { /* neutralize the spy */ ctx->spy->ctx = NULL; + ctx->spy = NULL; } talloc_free(ctx); } @@ -1318,9 +1325,10 @@ static void ltdb_callback(struct tevent_context *ev, } done: - if (!ctx->request_terminated) { + if (ctx->spy) { /* neutralize the spy */ ctx->spy->ctx = NULL; + ctx->spy = NULL; } talloc_free(ctx); } @@ -1330,7 +1338,9 @@ static int ltdb_request_destructor(void *ptr) struct ltdb_req_spy *spy = talloc_get_type(ptr, struct ltdb_req_spy); if (spy->ctx != NULL) { + spy->ctx->spy = NULL; spy->ctx->request_terminated = true; + spy->ctx = NULL; } return 0; diff --git a/lib/ldb/ldb_tdb/ldb_tdb.h b/lib/ldb/ldb_tdb/ldb_tdb.h index 96ad43fbd6..29856bf827 100644 --- a/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/lib/ldb/ldb_tdb/ldb_tdb.h @@ -33,14 +33,6 @@ struct ltdb_private { bool warn_unindexed; }; -/* - the async local context - holds also internal search state during a full db search -*/ -struct ltdb_req_spy { - struct ltdb_context *ctx; -}; - struct ltdb_context { struct ldb_module *module; struct ldb_request *req; |