mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
500bc01478
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693 When globals are re-initialized, they are cleared and globals' talloc context is freed. However, parm_table still contains a reference to the global value in the defaults. This confuses lpcfg_string_free() after commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to free already freed pointer which is passed by lp_save_defaults(): .... case P_STRING: case P_USTRING: lpcfg_string_set(Globals.ctx, &parm_table[i].def.svalue, *(char **)lp_parm_ptr(NULL, &parm_table[i])); .... here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it is a pointer to a value allocated with previous Globals.ctx which already was freed. This specifically affects registry backend of smb.conf in lp_load_ex() where init_globals() called explicitly to re-init globals after lp_save_defaults() if we have registry backend defined. Reviewed-by: Uri Simchoni <uri@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144