s3:registry: Avoid a double-free in reg_perfcount
authorAndreas Schneider <asn@samba.org>
Wed, 26 Sep 2018 12:29:50 +0000 (14:29 +0200)
committerJeremy Allison <jra@samba.org>
Fri, 19 Oct 2018 21:11:26 +0000 (23:11 +0200)
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/registry/reg_perfcount.c

index 6fa96f314fb0e10b92a28f63a83c3cef033f97ed..394930b27a9dddce24fb95f0065364650478d993 100644 (file)
@@ -186,9 +186,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
        }
        /* First encode the name_index */
        working_size = (kbuf.dsize + 1)*sizeof(uint16_t);
+       /* SMB_REALLOC frees buf1 on error */
        p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
        if (p == NULL) {
-               SAFE_FREE(buf1);
                buffer_size = 0;
                return buffer_size;
        }
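Review bot: When SMB_REALLOC fails at this call, buf1 has already been freed, but the path only zeroes buffer_size and returns, so any copy of that pointer held outside this function is left stale. The hunk does not show where buf1 comes from; if it is loaded from a caller-supplied out-parameter, that parameter should be set to NULL here and on the identical path in the second hunk, otherwise the double-free this commit removes can reappear in the caller's own cleanup. The added comment could also state the consequence, e.g. `/* SMB_REALLOC frees buf1 on error, so it must not be freed again here */`. The function body starts before and continues past this hunk.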
@@ -203,9 +203,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
        buffer_size += working_size;
        /* Now encode the actual name */
        working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
+       /* SMB_REALLOC frees buf1 on error */
        p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
        if (p == NULL) {
-               SAFE_FREE(buf1);
                buffer_size = 0;
                return buffer_size;
        }
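Review bot: The size passed to SMB_REALLOC here, `buffer_size + working_size`, is computed with no overflow check, and dbuf.dsize is taken from the tdb record rather than from a bounded constant. If both variables are 32-bit, as the uint32_t return type suggests (their declarations are outside the hunk), a large enough record could wrap the sum and produce a buffer smaller than the code after this hunk presumably writes into. A guard before the call such as `if (working_size > UINT32_MAX - buffer_size)` would close this, with its own `SAFE_FREE(buf1)` on that branch because SMB_REALLOC has not run yet. The same applies to the kbuf.dsize computation in the first hunk.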