After converting the rpc infratructure to talloc, read_from_internal_pipe freed
the outdata too early. If the last fragment was read in two pieces (as
rpcclient does it), all the outdata was freed during the read of the first
piece of the read of the last fragment. Later read&x calls, trying to read the
rest of the last fragment stepped into p->out_data.frag with non-zero offset
when this was already freed.
* current_pdu_sent. */
p->out_data.current_pdu_sent = 0;
prs_mem_free(&p->out_data.frag);
- }
- if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
- /*
- * We're completely finished with both outgoing and
- * incoming data streams. It's safe to free all temporary
- * data from this request.
- */
- free_pipe_context(p);
+ if (p->out_data.data_sent_length
+ >= prs_offset(&p->out_data.rdata)) {
+ /*
+ * We're completely finished with both outgoing and
+ * incoming data streams. It's safe to free all
+ * temporary data from this request.
+ */
+ free_pipe_context(p);
+ }
}
return data_returned;