From ff2b7d42e685d015f281fc525c745242e84ba54d Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 2 Apr 2010 11:59:49 +1100
Subject: talloc: limit the depth that talloc will go for talloc_is_parent()

We have a bug in the dcerpc registry code that can cause a talloc loop
that chews unlimited CPU because of talloc_is_parent() during a
talloc_free()
---
 lib/talloc/talloc.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'lib/talloc')

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index f7b1ac3dbd..51a002369c 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -1974,7 +1974,7 @@ void talloc_show_parents(const void *context, FILE *file)
 /*
   return 1 if ptr is a parent of context
 */
-int talloc_is_parent(const void *context, const void *ptr)
+static int _talloc_is_parent(const void *context, const void *ptr, int depth)
 {
 	struct talloc_chunk *tc;
 
@@ -1983,12 +1983,21 @@ int talloc_is_parent(const void *context, const void *ptr)
 	}
 
 	tc = talloc_chunk_from_ptr(context);
-	while (tc) {
+	while (tc && depth > 0) {
 		if (TC_PTR_FROM_CHUNK(tc) == ptr) return 1;
 		while (tc && tc->prev) tc = tc->prev;
 		if (tc) {
 			tc = tc->parent;
+			depth--;
 		}
 	}
 	return 0;
 }
+
+/*
+  return 1 if ptr is a parent of context
+*/
+int talloc_is_parent(const void *context, const void *ptr)
+{
+	return _talloc_is_parent(context, ptr, 10000);
+}
-- 
cgit