Bug 15773 - wbcAddNamedBlob. premature copying of the pointer
Status: NEW
Alias: None
Product: TALLOC
Classification: Unclassified
Component: libtalloc
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Samba QA Contact
Reported: 2024-12-20 04:56 UTC by prohorp
Modified: 2024-12-20 05:56 UTC
Description prohorp 2024-12-20 04:56:26 UTC
In function "wbcAddNamedBlob" there is a premature copying of the pointer "*pblobs = blobs".

The pointer is copied 2 times, the first copy is probably a typo.

https://gitlab.com/samba-team/samba/-/blob/master/nsswitch/libwbclient/wbc_util.c#L894

https://gitlab.com/samba-team/samba/-/blob/master/nsswitch/libwbclient/wbc_util.c#L908
Comment 1 prohorp 2024-12-20 05:05:02 UTC
If, between "*pblobs = blobs" and "*pblobs = blobs", there is a transition to the "bone" label, then the calling function will make a double release.
Comment 2 prohorp 2024-12-20 05:07:33 UTC
(In reply to prohorp from comment #1)

Not "bone" but "done".
Misspelling.
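The failure mode described in comments 1 and 2, as an added example that is not part of the original report and is not Samba code: a constructed C model in which an out-pointer is published before a step that can fail, beside a variant that commits only at the end. All names (`add_early`, `add_late`, `xfree`, `is_dangling`) and the `fail` switch are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model of the reported pattern; hypothetical names, not Samba code. */
static uintptr_t last_freed; /* address most recently released */
static void xfree(void *p) { if (p) { last_freed = (uintptr_t)p; free(p); } }
static int is_dangling(const void *p) { return p && (uintptr_t)p == last_freed; }
/* Early publish: *parr is overwritten before the step that can fail. */
static int add_early(size_t *n, int **parr, int val, int fail)
{
    int rc = -1, *arr = calloc(*n + 1, sizeof(*arr));
    if (arr == NULL) return rc;
    if (*parr) { memcpy(arr, *parr, *n * sizeof(*arr)); xfree(*parr); }
    *parr = arr;                 /* premature copy of the pointer */
    if (fail) goto done;         /* stands in for a failed allocation */
    arr[*n] = val;
    *n += 1;
    *parr = arr;
    arr = NULL; rc = 0;
done:
    xfree(arr);                  /* on failure, frees what *parr now names */
    return rc;
}

/* Commit at the end: caller state changes only after every step succeeded. */
static int add_late(size_t *n, int **parr, int val, int fail)
{
    int rc = -1, *arr = calloc(*n + 1, sizeof(*arr));
    if (arr == NULL) return rc;
    if (*parr) memcpy(arr, *parr, *n * sizeof(*arr));
    if (fail) goto done;
    arr[*n] = val;
    xfree(*parr);                /* old array released only on success */
    *n += 1;
    *parr = arr;
    arr = NULL; rc = 0;
done:
    xfree(arr);
    return rc;
}

int main(void)
{
    size_t n = 0, m = 0; int *a = NULL, *b = NULL, da, db;
    add_early(&n, &a, 7, 0); da = add_early(&n, &a, 8, 1) && is_dangling(a);
    add_late(&m, &b, 7, 0);  db = add_late(&m, &b, 8, 1) && is_dangling(b);
    printf("early: dangling=%d, late: dangling=%d\n", da, db);
    free(b);
}
```

After the failed call to `add_early`, the caller still holds a non-NULL pointer to memory that has already been released, so its normal cleanup would free it a second time; after the failed call to `add_late`, the caller's pointer and count are unchanged.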
Comment 3 prohorp 2024-12-20 05:56:19 UTC
and move "wbcFreeMemory(old)" https://gitlab.com/samba-team/samba/-/blob/master/nsswitch/libwbclient/wbc_util.c#L892 

  ---   wbcFreeMemory(old);

to the end of the function https://gitlab.com/samba-team/samba/-/blob/master/nsswitch/libwbclient/wbc_util.c#L908 :

	*num_blobs += 1;
  +++   if (*pblobs != NULL) wbcFreeMemory(*pblobs);
	*pblobs = blobs;
	blobs = NULL;
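
Review bot: the added guard `if (*pblobs != NULL) wbcFreeMemory(*pblobs);` reads `*pblobs` at the end of the function, but the description says `*pblobs = blobs` has already run once earlier (the L894 link). Unless that first assignment is deleted in the same change, `*pblobs` equals `blobs` at this point, so the new line frees the new array and the following `*pblobs = blobs;` hands the freed pointer back to the caller. Suggest removing the earlier `*pblobs = blobs` together with this move, so that the value freed here is still the caller's old array.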