From 537c4cf9cdb1f76c317c8fbd12068ce1f3fbbf0b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 18 Dec 2007 16:03:57 -0800
Subject: Fix valgrind error in dbwrap_rbt where rec_priv->node was being
 accessed after free. VALOKER PLEASE CHECK THIS VERY CAREFULLY !!!! This is a
 correct fix in that it fixes the valgrind error, but it looks inelegant to
 me. I think if I understood this code better I could craft a more subtle fix.
 Still looking at it.... Jeremy. (This used to be commit
 12cce3be2a24fd72106d747890caf6c7f29db43d)

---
 source3/lib/dbwrap_rbt.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'source3/lib/dbwrap_rbt.c')

diff --git a/source3/lib/dbwrap_rbt.c b/source3/lib/dbwrap_rbt.c
index df568a0410..15d9b67414 100644
--- a/source3/lib/dbwrap_rbt.c
+++ b/source3/lib/dbwrap_rbt.c
@@ -68,6 +68,8 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 
 	TDB_DATA this_key, this_val;
 
+	bool del_old_keyval = false;
+
 	if (rec_priv->node != NULL) {
 
 		/*
@@ -95,7 +97,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 		 */
 
 		rb_erase(&rec_priv->node->rb_node, &rec_priv->db_ctx->tree);
-		SAFE_FREE(rec_priv->node);
+		del_old_keyval = true;
 	}
 
 	node = (struct db_rbt_node *)SMB_MALLOC(
@@ -103,6 +105,9 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 		+ data.dsize);
 
 	if (node == NULL) {
+		if (del_old_keyval) {
+			SAFE_FREE(rec_priv->node);
+		}
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -152,6 +157,10 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 	rb_link_node(&node->rb_node, parent, p);
 	rb_insert_color(&node->rb_node, &rec_priv->db_ctx->tree);
 
+	if (del_old_keyval) {
+		SAFE_FREE(rec_priv->node);
+	}
+
 	return NT_STATUS_OK;
 }
 
-- 
cgit