Fix valgrind error in dbwrap_rbt where rec_priv->node was

being accessed after free. VALOKER PLEASE CHECK THIS VERY
CAREFULLY !!!! This is a correct fix in that it fixes the
valgrind error, but it looks inelegant to me. I think if
I understood this code better I could craft a more subtle
fix. Still looking at it....
Jeremy.
(This used to be commit 12cce3be2a24fd72106d747890caf6c7f29db43d)

diff --git a/source3/lib/dbwrap_rbt.c b/source3/lib/dbwrap_rbt.c
index df568a04105c329e480d9d2ffc8fab35abf40f55..15d9b67414a389c5fcb21aa3959c134cc6e543ef 100644 (file)
--- a/source3/lib/dbwrap_rbt.c
+++ b/source3/lib/dbwrap_rbt.c
@@ -68,6 +68,8 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
 
        TDB_DATA this_key, this_val;
 
+       bool del_old_keyval = false;
+
        if (rec_priv->node != NULL) {
 
                /*
@@ -95,7 +97,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
                 */
 
                rb_erase(&rec_priv->node->rb_node, &rec_priv->db_ctx->tree);
-               SAFE_FREE(rec_priv->node);
+               del_old_keyval = true;
        }
 
        node = (struct db_rbt_node *)SMB_MALLOC(
@@ -103,6 +105,9 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
                + data.dsize);
 
        if (node == NULL) {
+               if (del_old_keyval) {
+                       SAFE_FREE(rec_priv->node);
+               }
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -152,6 +157,10 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
        rb_link_node(&node->rb_node, parent, p);
        rb_insert_color(&node->rb_node, &rec_priv->db_ctx->tree);
 
+       if (del_old_keyval) {
+               SAFE_FREE(rec_priv->node);
+       }
+
        return NT_STATUS_OK;
 }