talloc: don't allow a talloc_pool inside a talloc_pool.

We explicitly call free() on a pool which falls to zero, assuming it's
not inside another pool (we crash).  Check on creation and explicitly
document this case.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 345f212963510be1289e15f9055b569e0c23c2a0..18ee548095792a838687b421e5ad96bcb433e7ef 100644 (file)
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -604,6 +604,13 @@ _PUBLIC_ void *talloc_pool(const void *context, size_t size)
        }
 
        pool_tc = (union talloc_pool_chunk *)talloc_chunk_from_ptr(result);
+       if (unlikely(pool_tc->hdr.c.flags & TALLOC_FLAG_POOLMEM)) {
+               /* We don't handle this correctly, so fail. */
+               talloc_log("talloc: cannot allocate pool off another pool %s\n",
+                          talloc_get_name(context));
+               talloc_free(result);
+               return NULL;
+       }
        pool_tc->hdr.c.flags |= TALLOC_FLAG_POOL;
        pool_tc->hdr.c.pool = tc_pool_first_chunk(pool_tc);
 

diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h
index 05e6292405dff9ab7e4c145513db0c899661c953..e48dc09a400837ff819bc9f208f209fa73466aac 100644 (file)
--- a/lib/talloc/talloc.h
+++ b/lib/talloc/talloc.h
@@ -839,7 +839,8 @@ void *talloc_find_parent_bytype(const void *ptr, #type);
  * talloc pool to a talloc parent outside the pool, the whole pool memory is
  * not free(3)'ed until that moved chunk is also talloc_free()ed.
  *
- * @param[in]  context  The talloc context to hang the result off.
+ * @param[in]  context  The talloc context to hang the result off (must not
+ *                     be another pool).
  *
  * @param[in]  size     Size of the talloc pool.
  *