From 6c5c99130462ecddb449e99138c88930003325a3 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Thu, 11 Jun 2009 02:15:28 -0500 Subject: [PATCH] s3: Call va_end() after all va_start()/va_copy() calls. There are error paths in S3 where va_end() is not properly called after va_start() or va_copy() have been called. These issues were noted while performing an inspection for S4 bug #6129. Thanks to Erik Hovland for the original bug report. --- source3/lib/ldb/common/ldb_dn.c | 2 +- source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 1 + source3/lib/util.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/lib/ldb/common/ldb_dn.c b/source3/lib/ldb/common/ldb_dn.c index 09d58555bd4..fb7f3e99f3a 100644 --- a/source3/lib/ldb/common/ldb_dn.c +++ b/source3/lib/ldb/common/ldb_dn.c @@ -362,9 +362,9 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char va_start(ap, new_fmt); strdn = talloc_vasprintf(mem_ctx, new_fmt, ap); + va_end(ap); if (strdn == NULL) return NULL; - va_end(ap); dn = ldb_dn_explode(mem_ctx, strdn); diff --git a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index cb516b6e751..d8fc1627410 100644 --- a/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source3/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -534,6 +534,7 @@ query_int(const struct lsqlite3_private * lsqlite3, /* Format the query */ if ((p = sqlite3_vmprintf(pSql, args)) == NULL) { + va_end(args); return SQLITE_NOMEM; } diff --git a/source3/lib/util.c b/source3/lib/util.c index b85f29e1362..c0bb042d282 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2113,10 +2113,10 @@ void *smb_xmalloc_array(size_t size, unsigned int count) va_copy(ap2, ap); n = vasprintf(ptr, format, ap2); + va_end(ap2); if (n == -1 || ! *ptr) { smb_panic("smb_xvasprintf: out of memory"); } - va_end(ap2); return n; } -- 2.34.1