| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Coverity null-ref patch - put prs_rpcbuffer_p
back to the way it was (with an additional
coverity paranoia check) - move the real test
into rpcbuf_alloc_size instead.
Jeremy.
|
| | |
| |
| |
| | |
NT_USER_TOKEN*
|
| | |
| |
| |
| |
| |
| | |
net rpc vampire is ugly....
Volker
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Jeremy, you might want to take a look here.
Volker
|
| | | |
|
| | |
| |
| |
| |
| | |
on pipe initialization failure.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
pidl...
Fix Coverity # 15.
Volker
|
| | |
| |
| |
| |
| | |
C- "must try harder" :-).
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
Fix Coverity # 214.
Volker
|
| | |
| |
| |
| |
| | |
in the code explicit - but this was a false positive (CID #16).
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
mean the ttl instead.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
Not a bug, but better to remove false positives.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
if we use ./configure --prefix=dir && make install
Vendors might use ./configure --with-rootsbindir=/sbin && make
DESTDIR=/var/tmp/samba/ install if they use a buildroot.
Thanks to Björn Jacke for pointing me at the stderr output of the build
farm.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
problems. Ensure that if the parse succeeds on UNMARSHALL
we have a valid (although possibly empty) RPC_BUFFER returned.
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
Thanks,
Volker
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Thanks,
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| | |
checking for
!= NULL. Coverity #149.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| | |
If we use free(data.dptr) and then the subsequent tdb_open
fails in _reg_perfcount_get_counter_data() then data.dptr
is left as a non-zero pointer that has been freed. This would
cause it to be reused later on. Coverity bug #162.
Jeremy.
|
| | |
| |
| |
| |
| | |
between Realloc and realloc_array.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| | |
in the pointer aliasing once realloc could change
a pointer. This was in the bugzilla.samba.org database
as #687 but we never figured out what it was !
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
with an existing account.
Guenther
|
| | | |
|
| | |
| |
| |
| |
| | |
Fix machine accounts (should not have valid shells) and users with no
home directory (were getting previous user's directory).
|
| | |
| |
| |
| |
| |
| |
| | |
Not a bug in the strictest sense, more a clarification. This whole routine
assumes new_gid != NULL anyway, so there's no point in checking.
Volker
|
| | |
| |
| |
| |
| |
| | |
This code was not used anyway :-)
Volker
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Guenther
|
| | |
| |
| |
| |
| |
| |
| |
| | |
still
lurking...
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| | |
I think this is actually a false warning, but as I've seen it with high gcc
warning levels, lets fix it :-)
Volker
|
