author | Jeremy Allison <jra@samba.org> | 2020-10-20 12:14:58 -0700 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2020-11-09 02:46:49 +0000 |
commit | 6e0aab0b4038255b2d63e8687924a21d77bace91 (patch) | |
tree | ada19e26a51d6aa5c7eb6c86a3417c96140eab71 /lib/talloc | |
parent | 86eb6423bdcedf3433f3dbcf026573a238cf0d87 (diff) | |
lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REALLOC compiled case.
tc_alloc_pool() or the fallback malloc can return NULL.
Wait until we know we are returning a valid pointer
before decrementing pool_hdr->object_count due to
reallocing out of the talloc_pool.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/talloc')
-rw-r--r-- | lib/talloc/talloc.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 54250c1b67d..885705234d4 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -1901,8 +1901,6 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons
 #if (ALWAYS_REALLOC != 0)
 if (pool_hdr) {
 new_ptr = tc_alloc_pool(tc, size + TC_HDR_SIZE, 0);
- pool_hdr->object_count--;
-
 if (new_ptr == NULL) {
 new_ptr = malloc(TC_HDR_SIZE+size);
 malloced = true;
@@ -1912,6 +1910,11 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons
 if (new_ptr) {
 memcpy(new_ptr, tc, MIN(tc->size,size) + TC_HDR_SIZE);
 TC_INVALIDATE_FULL_CHUNK(tc);
+ /*
+ * Only decrement the object count in the pool once
+ * we know we're returning a valid new_ptr.
+ */
+ pool_hdr->object_count--;
 }
 } else {
 /* We're doing malloc then free here, so record the difference. */ |
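Review bot: The relocated `pool_hdr->object_count--;` in the second hunk still adjusts the pool counter directly and does nothing when the decrement leaves the pool with no remaining objects. When the `malloc` fallback shown in the first hunk was taken, the chunk leaves the pool for good, so if it was the last object of a pool whose own handle was already freed, the pool memory would presumably never be released or reset; whether a later part of `_talloc_realloc` covers this is not visible, since the function starts and ends outside both hunks. Consider handling the empty-pool case next to the decrement, or at least recording it with `/* TODO: release or reset the pool if this was its last object */`. The diffstat touches only `lib/talloc/talloc.c`, so a regression test that exercises the NULL return from both `tc_alloc_pool()` and the fallback `malloc` under ALWAYS_REALLOC and then checks the pool's object accounting would pin the behaviour this commit fixes.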