On Sat, 2005-12-03 at 10:34 +1100, Andrew Bartlett wrote:
> ==29202== Invalid free() / delete / delete[]
> ==29202==    at 0x1B909743: free (vg_replace_malloc.c:152)
> ==29202==    by 0x8054878: mkt_close (keytab_memory.c:124)
> ==29202==    by 0x8052EE1: krb5_kt_close (keytab.c:287)
> ==29202==    by 0x804A524: test_memory_keytab (test_keytab.c:162)
> ==29202==    by 0x804A5BE: main (test_keytab.c:185)
> ==29202==  Address 0x1B929E78 is 0 bytes inside a block of size 24 free'd
> ==29202==    at 0x1B909743: free (vg_replace_malloc.c:152)
> ==29202==    by 0x1B909BF9: realloc (vg_replace_malloc.c:190)
> ==29202==    by 0x8054A72: mkt_remove_entry (keytab_memory.c:217)
> ==29202==    by 0x8053355: krb5_kt_remove_entry (keytab.c:526)
> ==29202==    by 0x804A518: test_memory_keytab (test_keytab.c:160)
> ==29202==    by 0x804A5BE: main (test_keytab.c:185)
> ==29202==
>
> With the attached patch, which as far as I can see is legit, I get
> memory corruption under valgrind.

And here is the fix.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

--- /data/heimdal/lib/krb5/keytab_memory.c 2005-12-02 07:58:29.000000000 +1100
+++ heimdal/lib/krb5/keytab_memory.c 2005-12-03 11:41:04.000000000 +1100
@@ -214,9 +214,15 @@
krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND;
}
- e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
- if(e != NULL)
- d->entries = e;
+ if (d->num_entries == 0) {
+ free(d->entries);
+ d->entries = NULL;
+ } else {
+ e = realloc(d->entries, d->num_entries * sizeof(*d->entries));
+ if(e != NULL)
+ d->entries = e;
+ }
+
return 0;
}
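
Review bot: the added `if (d->num_entries == 0)` branch needs a one-line comment saying why the empty case bypasses realloc(): a zero-size realloc() may free the block and return NULL, and the old `if(e != NULL)` guard then left d->entries pointing at freed memory, which is the invalid free in mkt_close shown in the valgrind trace. Without that comment the branch looks redundant and is easy to fold back into the realloc path later. Minor style point: the new branch writes `if (` while the retained `if(e != NULL)` in the else arm does not; use the file's spacing throughout.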