summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Kroeger <andrew@id10ts.net>2009-06-12 13:01:41 +0200
committerAndrew Bartlett <abartlet@samba.org>2009-06-18 13:49:25 +1000
commit71515ba190e90e0250b9de23b7ba871c1dd44f09 (patch)
tree88217cd2054ab02cbdc88aa9df620112572318e0
parentefe6552f0c1b2cf7e7f95987e7c808667166a303 (diff)
downloadsamba-71515ba190e90e0250b9de23b7ba871c1dd44f09.tar.gz
samba-71515ba190e90e0250b9de23b7ba871c1dd44f09.tar.xz
samba-71515ba190e90e0250b9de23b7ba871c1dd44f09.zip
s4: Call va_end() after all va_start()/va_copy() calls.
This corrects the issues reaised in bug #6129, and some others that were not originally identified. It also accounts for some code that was in the original bug report but appears to have since been made common between S3 and S4. Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
-rw-r--r--examples/libsmbclient/smbwrapper/smbw.c14
-rw-r--r--lib/torture/torture.c2
-rw-r--r--libcli/auth/msrpc_parse.c4
-rw-r--r--source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c1
4 files changed, 16 insertions, 5 deletions
diff --git a/examples/libsmbclient/smbwrapper/smbw.c b/examples/libsmbclient/smbwrapper/smbw.c
index e2e44c1f0f4..1356c78d044 100644
--- a/examples/libsmbclient/smbwrapper/smbw.c
+++ b/examples/libsmbclient/smbwrapper/smbw.c
@@ -55,12 +55,9 @@ smbw_ref -- manipulate reference counts
******************************************************/
int smbw_ref(int client_fd, Ref_Count_Type type, ...)
{
- va_list ap;
-
/* client id values begin at SMBC_BASE_FC. */
client_fd -= SMBC_BASE_FD;
- va_start(ap, type);
switch(type)
{
case SMBW_RCT_Increment:
@@ -73,9 +70,16 @@ int smbw_ref(int client_fd, Ref_Count_Type type, ...)
return smbw_ref_count[client_fd];
case SMBW_RCT_Set:
- return (smbw_ref_count[client_fd] = va_arg(ap, int));
+ {
+ va_list ap;
+ int ret;
+
+ va_start(ap, type);
+ ret = (smbw_ref_count[client_fd] = va_arg(ap, int));
+ va_end(ap);
+ return ret;
+ }
}
- va_end(ap);
/* never gets here */
return -1;
diff --git a/lib/torture/torture.c b/lib/torture/torture.c
index 17adce94e57..99447e7e535 100644
--- a/lib/torture/torture.c
+++ b/lib/torture/torture.c
@@ -107,6 +107,7 @@ void torture_comment(struct torture_context *context, const char *comment, ...)
va_start(ap, comment);
tmp = talloc_vasprintf(context, comment, ap);
+ va_end(ap);
context->results->ui_ops->comment(context, tmp);
@@ -126,6 +127,7 @@ void torture_warning(struct torture_context *context, const char *comment, ...)
va_start(ap, comment);
tmp = talloc_vasprintf(context, comment, ap);
+ va_end(ap);
context->results->ui_ops->warning(context, tmp);
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index 9125c1cd787..50e0d5c2f97 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -71,6 +71,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
(smb_ucs2_t **)(void *)&pointers[i].data,
s, &n);
if (!ret) {
+ va_end(ap);
return false;
}
pointers[i].length = n;
@@ -84,6 +85,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
pointers, (char **)(void *)&pointers[i].data,
s, &n);
if (!ret) {
+ va_end(ap);
return false;
}
pointers[i].length = n;
@@ -99,6 +101,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
(smb_ucs2_t **)(void *)&pointers[i].data,
s, &n);
if (!ret) {
+ va_end(ap);
return false;
}
pointers[i].length = n;
@@ -192,6 +195,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx,
/* a helpful macro to avoid running over the end of our blob */
#define NEED_DATA(amount) \
if ((head_ofs + amount) > blob->length) { \
+ va_end(ap); \
return false; \
}
diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
index 8acbac4cc3a..d0573d389e9 100644
--- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
@@ -485,6 +485,7 @@ query_int(const struct lsqlite3_private * lsqlite3,
/* Format the query */
if ((p = sqlite3_vmprintf(pSql, args)) == NULL) {
+ va_end(args);
return SQLITE_NOMEM;
}