s3: Call va_end() after all va_start()/va_copy() calls.

There are error paths in S3 where va_end() is not properly called after
va_start() or va_copy() have been called.

These issues were noted while performing an inspection for S4 bug #6129.  Thanks
to Erik Hovland <erik@hovland.org> for the original bug report.

diff --git a/source3/lib/ldb/common/ldb_dn.c b/source3/lib/ldb/common/ldb_dn.c
index 09d58555bd4583df128956fe07be7823935f15db..fb7f3e99f3afbf94bfceea2078989d1eb9db1dc5 100644 (file)
--- a/source3/lib/ldb/common/ldb_dn.c
+++ b/source3/lib/ldb/common/ldb_dn.c
@@ -362,9 +362,9 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char
 
        va_start(ap, new_fmt);
        strdn = talloc_vasprintf(mem_ctx, new_fmt, ap);
+       va_end(ap);
        if (strdn == NULL)
                return NULL;
-       va_end(ap);
 
        dn = ldb_dn_explode(mem_ctx, strdn);
 

diff --git a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
index cb516b6e751b3d9d0c7d77faa77f3c44ebcab15d..d8fc1627410c5119226cc82a4f5032ec78e30301 100644 (file)
--- a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+++ b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
@@ -534,6 +534,7 @@ query_int(const struct lsqlite3_private * lsqlite3,
         
         /* Format the query */
         if ((p = sqlite3_vmprintf(pSql, args)) == NULL) {
+               va_end(args);
                 return SQLITE_NOMEM;
         }
         

diff --git a/source3/lib/util.c b/source3/lib/util.c
index b85f29e1362e9c8a200499aa4a6ee37bd2b2b965..c0bb042d28256aa7d91b39c8700f461d4364e8dd 100644 (file)
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2113,10 +2113,10 @@ void *smb_xmalloc_array(size_t size, unsigned int count)
        va_copy(ap2, ap);
 
        n = vasprintf(ptr, format, ap2);
+       va_end(ap2);
        if (n == -1 || ! *ptr) {
                smb_panic("smb_xvasprintf: out of memory");
        }
-       va_end(ap2);
        return n;
 }