Detected by Coverity 5.5.1 running against the current master branch (2011-11-08) of samba:

344 /* panic if we get a bad magic value */
345 static inline struct talloc_chunk *talloc_chunk_from_ptr(const void *ptr)
346 {
347     const char *pp = (const char *)ptr;
348     struct talloc_chunk *tc = discard_const_p(struct talloc_chunk, pp - TC_HDR_SIZE);
349     if (unlikely((tc->flags & (TALLOC_FLAG_FREE | ~0xF)) != TALLOC_MAGIC)) {

CID 10924: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
(tc->flags & 4294963200U /* ~0xfff */) == 0xe814ec70U is always false regardless of the values of its operands. This occurs as the logical operand of if.

350         if ((tc->flags & (~0xFFF)) == TALLOC_MAGIC_BASE) {
351             talloc_abort_magic(tc->flags & (~0xF));
352             return NULL;
353         }
354
355         if (tc->flags & TALLOC_FLAG_FREE) {
356             talloc_log("talloc: access after free error - first free may be at %s\n", tc->name);
357             talloc_abort_access_after_free();
358             return NULL;
359         } else {
360             talloc_abort_unknown_value();
361             return NULL;
362         }
363     }
364     return tc;
365 }

The comparison on line 350 can never succeed because the mask ~0xFFF clears the low 12 bits of tc->flags, while the constant it is compared with (0xe814ec70) has bits set in that range (0xc70). The talloc_abort_magic() call on line 351 is therefore unreachable, and every chunk that fails the check on line 349 is reported through the access-after-free or unknown-value path instead.
Made invalid/fixed by commit 30ea897194c68c149d4986b22a5d964454bec258