r1202: This hopefully fixes our memory use when unmarshalling strings. The test case

was 'rpcclient -c "enumprinters 2"' with 4000 printers. At some point this
completely exploded in memory usage. For every string we talloc'ed memory up
to the end of the buffer. -> O(n^2).

This survives valgrind with this number of printers. It might also have
influence on winbind with a large number of users.

All those who dare to look at samba3 rpc code, could you please take a look? I
know this is a burden, but I would like comments ;-)))

Volker

diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c
index 0e5a25fe8c2894607927340ab4cb9066c446fa40..92c5b13632a817a9a67c00483e83d8e5127071d0 100644 (file)
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -1101,10 +1101,13 @@ BOOL prs_unistr(const char *name, prs_struct *ps, int depth, UNISTR *str)
 
                /* the test of the value of *ptr helps to catch the circumstance
                   where we have an emtpty (non-existent) string in the buffer */
-               for ( ptr = (uint16 *)q; *ptr && (alloc_len <= max_len); alloc_len++)
+               for ( ptr = (uint16 *)q; *ptr++ && (alloc_len <= max_len); alloc_len++)
                        /* do nothing */ 
                        ;
 
+               if (alloc_len < max_len)
+                       alloc_len += 1;
+
                /* should we allocate anything at all? */
                str->buffer = (uint16 *)prs_alloc_mem(ps,alloc_len * sizeof(uint16));
                if ((str->buffer == NULL) && (alloc_len > 0))