authorVolker Lendecke <vlendec@samba.org>2004-06-20 08:37:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:59 -0500
commit5db731d899987d1a53e72f16b92b7e01eafd80c2 (patch)
treea4f1cb1d1caa48ddb26120131b9a16abbab0f346 /source3/rpc_parse
parentee79226d2a4486be66b47e7ff86e40f91c654ba7 (diff)
r1202: This hopefully fixes our memory use when unmarshalling strings. The test case
was 'rpcclient -c "enumprinters 2"' with 4000 printers. At some point this completely exploded in memory usage. For every string we talloc'ed memory up to the end of the buffer. -> O(n^2). This survives valgrind with this number of printers. It might also have influence on winbind with a large number of users. All those who dare to look at samba3 rpc code, could you please take a look? I know this is a burden, but I would like comments ;-))) Volker (This used to be commit af251f4ea63c584604972e1c8add83e65046de80)
Diffstat (limited to 'source3/rpc_parse')
-rw-r--r--source3/rpc_parse/parse_prs.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 0e5a25fe8c..92c5b13632 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1101,10 +1101,13 @@ BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
/* the test of the value of *ptr helps to catch the circumstance
where we have an emtpty (non-existent) string in the buffer */
- for ( ptr = (uint16 *)q; *ptr && (alloc_len <= max_len); alloc_len++)
+ for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
/* do nothing */
;
+ if (alloc_len < max_len)
+ alloc_len += 1;
+
/* should we allocate anything at all? */
str->buffer = (uint16 *)prs_alloc_mem(ps,alloc_len * sizeof(uint16));
if ((str->buffer == NULL) && (alloc_len > 0))
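Review bot: The new `for` condition still dereferences `*ptr++` before it tests `alloc_len <= max_len`, so for a string that is not NUL-terminated within the buffer the slot at index `max_len` is read (and, if that is non-zero, the one after it) before the bound stops the scan, and `alloc_len` then exits as `max_len + 1`, so the `alloc_len * sizeof(uint16)` allocation below covers one slot more than the buffer holds. `max_len` is defined above the hunk; if it is the number of uint16 slots left in the buffer, as the name suggests, testing the bound first and stopping at `max_len` avoids both the over-read and the overshoot: `for ( ptr = (uint16 *)q; (alloc_len < max_len) && *ptr++; alloc_len++)`. The following `if (alloc_len < max_len) alloc_len += 1;` then reserves the terminator slot only when a terminator was actually found, which appears to be its intent. prs_unistr's body begins before and continues after this hunk.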