lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REA...
authorJeremy Allison <jra@samba.org>
Tue, 20 Oct 2020 19:14:58 +0000 (12:14 -0700)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 9 Nov 2020 02:46:49 +0000 (02:46 +0000)
tc_alloc_pool() or the fallback malloc can return NULL.

Wait until we know we are returning a valid pointer
before decrementing pool_hdr->object_count due to
reallocing out of the talloc_pool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/talloc/talloc.c

index 54250c1b67d4abfc20a8c57786b71b69c1c427f1..885705234d492daeb324a3beaf6b37c6b71c9f04 100644 (file)
@@ -1901,8 +1901,6 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons
 #if (ALWAYS_REALLOC != 0)
        if (pool_hdr) {
                new_ptr = tc_alloc_pool(tc, size + TC_HDR_SIZE, 0);
-               pool_hdr->object_count--;
-
                if (new_ptr == NULL) {
                        new_ptr = malloc(TC_HDR_SIZE+size);
                        malloced = true;
@@ -1912,6 +1910,11 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons
                if (new_ptr) {
                        memcpy(new_ptr, tc, MIN(tc->size,size) + TC_HDR_SIZE);
                        TC_INVALIDATE_FULL_CHUNK(tc);
+                       /*
+                        * Only decrement the object count in the pool once
+                        * we know we're returning a valid new_ptr.
+                        */
+                       pool_hdr->object_count--;
                }
        } else {
                /* We're doing malloc then free here, so record the difference. */
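Review bot: The `pool_hdr->object_count--` now inside `if (new_ptr)` only adjusts the counter, whether `new_ptr` came from `tc_alloc_pool()` or from the `malloc` fallback. Nothing in the visible lines checks whether the count has reached the value that marks the pool as empty, and the old chunk is only invalidated with `TC_INVALIDATE_FULL_CHUNK(tc)`, not handed back to the pool. `_talloc_realloc` starts and ends outside these hunks, so later code may compensate; if it does not, repeated reallocs under ALWAYS_REALLOC could leave the pool's count and its usable space out of step, which tends to surface later as a leaked pool or a premature free. I would release the old chunk through the same routine the regular pool free path uses rather than a bare decrement. If the bare decrement is intentional, state it in the comment: `/* Only the count is adjusted here; the old chunk's space is not returned to the pool. */`.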