Fix valgrind error in dbwrap_rbt where rec_priv->node was

being accessed after free. VALOKER PLEASE CHECK THIS VERY
CAREFULLY !!!! This is a correct fix in that it fixes the
valgrind error, but it looks inelegant to me. I think if
I understood this code better I could craft a more subtle
fix. Still looking at it....
Jeremy.
(This used to be commit 12cce3be2a24fd72106d747890caf6c7f29db43d)

1 files changed, 10 insertions, 1 deletions

diff --git a/source3/lib/dbwrap_rbt.c b/source3/lib/dbwrap_rbt.c
index df568a0410..15d9b67414 100644
--- a/source3/lib/dbwrap_rbt.c
+++ b/source3/lib/dbwrap_rbt.c
@@ -68,6 +68,8 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 
 	TDB_DATA this_key, this_val;
 
+	bool del_old_keyval = false;
+
 	if (rec_priv->node != NULL) {
 
 		/*
@@ -95,7 +97,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 		 */
 
 		rb_erase(&rec_priv->node->rb_node, &rec_priv->db_ctx->tree);
-		SAFE_FREE(rec_priv->node);
+		del_old_keyval = true;
 	}
 
 	node = (struct db_rbt_node *)SMB_MALLOC(
@@ -103,6 +105,9 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 		+ data.dsize);
 
 	if (node == NULL) {
+		if (del_old_keyval) {
+			SAFE_FREE(rec_priv->node);
+		}
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -152,6 +157,10 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 	rb_link_node(&node->rb_node, parent, p);
 	rb_insert_color(&node->rb_node, &rec_priv->db_ctx->tree);
 
+	if (del_old_keyval) {
+		SAFE_FREE(rec_priv->node);
+	}
+
 	return NT_STATUS_OK;
 }