From ddc10d4d37984246a6547e34a32d629c689c40d1 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 6 Jan 2005 03:06:58 +0000
Subject: [PATCH] r4549: got rid of a lot more uses of plain talloc(), instead
 using talloc_size() or talloc_array_p() where appropriate.

also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
---
 source4/build/pidl/server.pm              |  2 +-
 source4/build/pidl/stub.pm                |  2 +-
 source4/dsdb/samdb/samdb.c                |  7 +++----
 source4/ldap_server/ldap_parse.c          |  4 ++--
 source4/lib/data_blob.c                   |  2 +-
 source4/lib/genrand.c                     |  2 +-
 source4/lib/registry/common/reg_util.c    |  2 +-
 source4/lib/registry/reg_backend_nt4.c    |  2 +-
 source4/lib/talloc/talloc.h               |  1 +
 source4/lib/talloc/testsuite.c            | 18 +++++++++---------
 source4/lib/util_str.c                    |  8 ++++----
 source4/libcli/auth/ntlmssp.c             |  2 +-
 source4/libcli/ldap/ldap.c                |  8 ++++----
 source4/libcli/ldap/ldap_client.c         |  2 +-
 source4/libcli/raw/clitransport.c         |  4 ++--
 source4/libcli/raw/rawrequest.c           |  2 +-
 source4/libcli/raw/rawtrans.c             |  8 ++++----
 source4/libcli/security/dom_sid.c         |  2 +-
 source4/libcli/util/asn1.c                |  4 ++--
 source4/librpc/ndr/ndr.c                  |  2 +-
 source4/librpc/rpc/dcerpc.c               |  4 ++--
 source4/ntvfs/ntvfs_generic.c             | 11 +++++++----
 source4/ntvfs/posix/pvfs_rename.c         |  2 +-
 source4/ntvfs/posix/pvfs_resolve.c        |  2 +-
 source4/ntvfs/posix/pvfs_util.c           |  3 ++-
 source4/param/loadparm.c                  |  2 +-
 source4/rpc_server/echo/rpc_echo.c        |  3 +--
 source4/rpc_server/remote/dcesrv_remote.c |  2 +-
 source4/smb_server/reply.c                |  6 +++---
 source4/smb_server/request.c              |  2 +-
 source4/smb_server/search.c               |  2 +-
 source4/torture/basic/charset.c           |  2 +-
 source4/torture/gentest.c                 |  9 +++++----
 source4/torture/raw/streams.c             |  2 +-
 source4/torture/rpc/echo.c                |  8 ++++----
 source4/torture/rpc/netlogon.c            |  4 ++--
 source4/torture/rpc/samsync.c             |  4 ++--
 source4/torture/rpc/schannel.c            |  4 ++--
 source4/torture/rpc/svcctl.c              |  2 +-
 source4/torture/rpc/xplogin.c             |  3 +--
 source4/utils/getntacl.c                  |  2 +-
 41 files changed, 83 insertions(+), 80 deletions(-)

diff --git a/source4/build/pidl/server.pm b/source4/build/pidl/server.pm
index 9c72df105ba..bbb21f6e18a 100644
--- a/source4/build/pidl/server.pm
+++ b/source4/build/pidl/server.pm
@@ -90,7 +90,7 @@ static NTSTATUS $name\__op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_C
 		return NT_STATUS_NET_WRITE_FAULT;
 	}
 
-	*r = talloc(mem_ctx, dcerpc_table_$name.calls[opnum].struct_size);
+	*r = talloc_size(mem_ctx, dcerpc_table_$name.calls[opnum].struct_size);
 	if (!*r) {
 		return NT_STATUS_NO_MEMORY;
 	}
diff --git a/source4/build/pidl/stub.pm b/source4/build/pidl/stub.pm
index 42c83a467e0..9ef8004555a 100644
--- a/source4/build/pidl/stub.pm
+++ b/source4/build/pidl/stub.pm
@@ -94,7 +94,7 @@ static NTSTATUS $name\__op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_C
 		return NT_STATUS_NET_WRITE_FAULT;
 	}
 
-	*r = talloc(mem_ctx, dcerpc_table_$name.calls[opnum].struct_size);
+	*r = talloc_size(mem_ctx, dcerpc_table_$name.calls[opnum].struct_size);
 	if (!*r) {
 		return NT_STATUS_NO_MEMORY;
 	}
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 9a677249eb0..d84d07fca67 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -841,12 +841,11 @@ int samdb_msg_add_hash(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg,
 {
 	struct ldb_wrap *sam_ctx = ctx;
 	struct ldb_val val;
-	val.data = talloc(mem_ctx, 16);
-	val.length = 16;
+	val.data = talloc_memdup(mem_ctx, hash.hash, 16);
 	if (!val.data) {
 		return -1;
 	}
-	memcpy(val.data, hash.hash, 16);
+	val.length = 16;
 	return ldb_msg_add_value(sam_ctx->ldb, msg, attr_name, &val);
 }
 
@@ -859,7 +858,7 @@ int samdb_msg_add_hashes(void *ctx, TALLOC_CTX *mem_ctx, struct ldb_message *msg
 	struct ldb_wrap *sam_ctx = ctx;
 	struct ldb_val val;
 	int i;
-	val.data = talloc(mem_ctx, count*16);
+	val.data = talloc_array(mem_ctx, 16, count, __location__);
 	val.length = count*16;
 	if (!val.data) {
 		return -1;
diff --git a/source4/ldap_server/ldap_parse.c b/source4/ldap_server/ldap_parse.c
index d645d241045..5db65ee99c8 100644
--- a/source4/ldap_server/ldap_parse.c
+++ b/source4/ldap_server/ldap_parse.c
@@ -272,7 +272,7 @@ struct ldap_dn *ldap_parse_dn(void *mem_ctx, const char *orig_dn)
 		}
 
 		/* rebuild the normlaized component and put it here */
-		component->component = dest = talloc(component, size);
+		component->component = dest = talloc_size(component, size);
 		for (i = 0; i < component->attr_num; i++) {
 			if (i != 0) {
 				*dest = '+';
@@ -303,7 +303,7 @@ struct ldap_dn *ldap_parse_dn(void *mem_ctx, const char *orig_dn)
 	}
 
 	/* rebuild the normlaized dn and put it here */
-	dn->dn = dest = talloc(dn, size);
+	dn->dn = dest = talloc_size(dn, size);
 	for (i = 0; i < dn->comp_num; i++) {
 		if (i != 0) {
 			*dest = ',';
diff --git a/source4/lib/data_blob.c b/source4/lib/data_blob.c
index 18ecc2793ac..deb8f55fce2 100644
--- a/source4/lib/data_blob.c
+++ b/source4/lib/data_blob.c
@@ -37,7 +37,7 @@ DATA_BLOB data_blob_named(const void *p, size_t length, const char *name)
 	if (p) {
 		ret.data = talloc_memdup(NULL, p, length);
 	} else {
-		ret.data = talloc(NULL, length);
+		ret.data = talloc_size(NULL, length);
 	}
 	if (ret.data == NULL) {
 		ret.length = 0;
diff --git a/source4/lib/genrand.c b/source4/lib/genrand.c
index b4651dffe86..e11f37e0e9f 100644
--- a/source4/lib/genrand.c
+++ b/source4/lib/genrand.c
@@ -268,7 +268,7 @@ char *generate_random_str_list(TALLOC_CTX *mem_ctx, size_t len, const char *list
 	size_t i;
 	size_t list_len = strlen(list);
 
-	char *retstr = talloc(mem_ctx, len + 1);
+	char *retstr = talloc_array_p(mem_ctx, char, len + 1);
 	if (!retstr) return NULL;
 
 	generate_random_buffer((uint8_t *)retstr, len);
diff --git a/source4/lib/registry/common/reg_util.c b/source4/lib/registry/common/reg_util.c
index 3a173691440..67c62fe5c86 100644
--- a/source4/lib/registry/common/reg_util.c
+++ b/source4/lib/registry/common/reg_util.c
@@ -63,7 +63,7 @@ char *reg_val_data_string(TALLOC_CTX *mem_ctx, struct registry_value *v)
 	  return ret;
 
   case REG_BINARY:
-	  ret = talloc(mem_ctx, v->data_len * 3 + 2);
+	  ret = talloc_array(mem_ctx, 3, v->data_len+1, "REG_BINARY");
 	  asciip = ret;
 	  for (i=0; i<v->data_len; i++) { 
 		  int str_rem = v->data_len * 3 - (asciip - ret);
diff --git a/source4/lib/registry/reg_backend_nt4.c b/source4/lib/registry/reg_backend_nt4.c
index 6c48b9bd1b5..cd3be85a23e 100644
--- a/source4/lib/registry/reg_backend_nt4.c
+++ b/source4/lib/registry/reg_backend_nt4.c
@@ -917,7 +917,7 @@ static WERROR vk_to_val(TALLOC_CTX *mem_ctx, struct registry_key *parent, VK_HDR
 
 	if (dat_len&0x7FFFFFFF) {
 
-		char *dtmp = (char *)talloc(mem_ctx, dat_len&0x7FFFFFFF);
+		char *dtmp = talloc_size(mem_ctx, dat_len&0x7FFFFFFF);
 
 		if ((dat_len&0x80000000) == 0) { /* The data is pointed to by the offset */
 			char *dat_ptr = LOCN(regf->base, dat_off);
diff --git a/source4/lib/talloc/talloc.h b/source4/lib/talloc/talloc.h
index ee3e0be8eb3..99a6b7a770d 100644
--- a/source4/lib/talloc/talloc.h
+++ b/source4/lib/talloc/talloc.h
@@ -34,6 +34,7 @@ typedef void TALLOC_CTX;
 
 /* useful macros for creating type checked pointers */
 #define talloc(ctx, size) talloc_named_const(ctx, size, __location__)
+#define talloc_size(ctx, size) talloc_named_const(ctx, size, __location__)
 #define talloc_zero(ctx, size) _talloc_zero(ctx, size, __location__)
 #define talloc_realloc(ctx, ptr, size) _talloc_realloc(ctx, ptr, size, __location__)
 #define talloc_p(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type)
diff --git a/source4/lib/talloc/testsuite.c b/source4/lib/talloc/testsuite.c
index a3a448ef408..ced32171052 100644
--- a/source4/lib/talloc/testsuite.c
+++ b/source4/lib/talloc/testsuite.c
@@ -335,7 +335,7 @@ static BOOL test_misc(void)
 
 	root = talloc_new(NULL);
 
-	p1 = talloc(root, 0x7fffffff);
+	p1 = talloc_size(root, 0x7fffffff);
 	if (p1) {
 		printf("failed: large talloc allowed\n");
 		return False;
@@ -517,7 +517,7 @@ static BOOL test_realloc(void)
 
 	root = talloc_new(NULL);
 
-	p1 = talloc(root, 10);
+	p1 = talloc_size(root, 10);
 	CHECK_SIZE(p1, 10);
 
 	p1 = talloc_realloc(NULL, p1, 20);
@@ -581,7 +581,7 @@ static BOOL test_realloc_child(void)
 
 	printf("TESTING REALLOC WITH CHILD\n");
 
-	root = talloc(NULL, 0);
+	root = talloc_new(NULL);
 
 	el1 = talloc_p(root, struct el1);
 	el1->list = talloc_p(el1, struct el2 *);
@@ -607,7 +607,7 @@ static BOOL test_steal(void)
 
 	printf("TESTING STEAL\n");
 
-	root = talloc(NULL, 0);
+	root = talloc_new(NULL);
 
 	p1 = talloc_array_p(root, char, 10);
 	CHECK_SIZE(p1, 10);
@@ -645,7 +645,7 @@ static BOOL test_steal(void)
 
 	talloc_free(root);
 
-	p1 = talloc(NULL, 3);
+	p1 = talloc_new(NULL);
 	CHECK_SIZE(NULL, 3);
 	talloc_free(p1);
 
@@ -661,7 +661,7 @@ static BOOL test_ldb(void)
 
 	printf("TESTING LDB\n");
 
-	root = talloc(NULL, 0);
+	root = talloc_new(NULL);
 
 	p1 = talloc_realloc_fn(root, NULL, 10);
 	CHECK_BLOCKS(root, 2);
@@ -709,7 +709,7 @@ static BOOL test_unref_reparent(void)
 */
 static BOOL test_speed(void)
 {
-	void *ctx = talloc(NULL, 0);
+	void *ctx = talloc_new(NULL);
 	unsigned count;
 	struct timeval tv;
 
@@ -719,9 +719,9 @@ static BOOL test_speed(void)
 	count = 0;
 	do {
 		void *p1, *p2, *p3;
-		p1 = talloc(ctx, count);
+		p1 = talloc_size(ctx, count);
 		p2 = talloc_strdup(p1, "foo bar");
-		p3 = talloc(p1, 300);
+		p3 = talloc_size(p1, 300);
 		talloc_free(p1);
 		count += 3;
 	} while (timeval_elapsed(&tv) < 5.0);
diff --git a/source4/lib/util_str.c b/source4/lib/util_str.c
index 82481cca264..b3ec27de743 100644
--- a/source4/lib/util_str.c
+++ b/source4/lib/util_str.c
@@ -669,7 +669,7 @@ char *strlower_talloc(TALLOC_CTX *ctx, const char *src)
 
 	/* this takes advantage of the fact that upper/lower can't
 	   change the length of a character by more than 1 byte */
-	dest = talloc(ctx, 2*(strlen(src))+1);
+	dest = talloc_size(ctx, 2*(strlen(src))+1);
 	if (dest == NULL) {
 		return NULL;
 	}
@@ -704,7 +704,7 @@ char *strupper_talloc(TALLOC_CTX *ctx, const char *src)
 
 	/* this takes advantage of the fact that upper/lower can't
 	   change the length of a character by more than 1 byte */
-	dest = talloc(ctx, 2*(strlen(src))+1);
+	dest = talloc_size(ctx, 2*(strlen(src))+1);
 	if (dest == NULL) {
 		return NULL;
 	}
@@ -1030,7 +1030,7 @@ const char *str_format_nbt_domain(TALLOC_CTX *mem_ctx, const char *s)
 	if (!s || !*s) {
 		return talloc_strdup(mem_ctx, "");
 	}
-	ret = talloc(mem_ctx, strlen(s)+2);
+	ret = talloc_size(mem_ctx, strlen(s)+2);
 	if (!ret) {
 		return ret;
 	}
@@ -1133,7 +1133,7 @@ char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib)
 	};
 	char *ret;
 
-	ret = talloc(mem_ctx, ARRAY_SIZE(attr_strs)+1);
+	ret = talloc_size(mem_ctx, ARRAY_SIZE(attr_strs)+1);
 	if (!ret) {
 		return NULL;
 	}
diff --git a/source4/libcli/auth/ntlmssp.c b/source4/libcli/auth/ntlmssp.c
index 6ece0f6df61..7f4a86e2746 100644
--- a/source4/libcli/auth/ntlmssp.c
+++ b/source4/libcli/auth/ntlmssp.c
@@ -109,7 +109,7 @@ void debug_ntlmssp_flags(uint32_t neg_flags)
    
 static const uint8_t *get_challenge(const struct ntlmssp_state *ntlmssp_state)
 {
-	uint8_t *chal = talloc(ntlmssp_state, 8);
+	uint8_t *chal = talloc_size(ntlmssp_state, 8);
 	generate_random_buffer(chal, 8);
 
 	return chal;
diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 076d088ee26..b2a6bd957a9 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -660,7 +660,7 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
 static const char *blob2string_talloc(TALLOC_CTX *mem_ctx,
 				      DATA_BLOB blob)
 {
-	char *result = talloc(mem_ctx, blob.length+1);
+	char *result = talloc_size(mem_ctx, blob.length+1);
 	memcpy(result, blob.data, blob.length);
 	result[blob.length] = '\0';
 	return result;
@@ -859,7 +859,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
 			asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
 			pwlen = asn1_tag_remaining(data);
 			if (pwlen != 0) {
-				char *pw = talloc(msg->mem_ctx, pwlen+1);
+				char *pw = talloc_size(msg->mem_ctx, pwlen+1);
 				asn1_read(data, pw, pwlen);
 				pw[pwlen] = '\0';
 				r->creds.password = pw;
@@ -1040,7 +1040,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
 		asn1_start_tag(data,
 			       ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest));
 		len = asn1_tag_remaining(data);
-		dn = talloc(msg->mem_ctx, len+1);
+		dn = talloc_size(msg->mem_ctx, len+1);
 		if (dn == NULL)
 			break;
 		asn1_read(data, dn, len);
@@ -1073,7 +1073,7 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
 			char *newsup;
 			asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
 			len = asn1_tag_remaining(data);
-			newsup = talloc(msg->mem_ctx, len+1);
+			newsup = talloc_size(msg->mem_ctx, len+1);
 			if (newsup == NULL)
 				break;
 			asn1_read(data, newsup, len);
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 9ca9e4b5c42..84fd0f1d645 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -649,7 +649,7 @@ BOOL ldap_find_single_string(struct ldap_message *msg, const char *attr,
 	if (!ldap_find_single_value(msg, attr, &blob))
 		return False;
 
-	*value = talloc(mem_ctx, blob.length+1);
+	*value = talloc_size(mem_ctx, blob.length+1);
 
 	if (*value == NULL)
 		return False;
diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
index dde77eaeea5..63ff1e44090 100644
--- a/source4/libcli/raw/clitransport.c
+++ b/source4/libcli/raw/clitransport.c
@@ -462,8 +462,8 @@ static void smbcli_transport_process_recv(struct smbcli_transport *transport)
 		if (transport->recv_buffer.received == NBT_HDR_SIZE) {
 			/* we've got a full header */
 			transport->recv_buffer.req_size = smb_len(transport->recv_buffer.header) + NBT_HDR_SIZE;
-			transport->recv_buffer.buffer = talloc(transport,
-							       NBT_HDR_SIZE+transport->recv_buffer.req_size);
+			transport->recv_buffer.buffer = talloc_size(transport,
+								    NBT_HDR_SIZE+transport->recv_buffer.req_size);
 			if (transport->recv_buffer.buffer == NULL) {
 				smbcli_transport_dead(transport);
 				return;
diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c
index 178ccdbf483..b74f066ef46 100644
--- a/source4/libcli/raw/rawrequest.c
+++ b/source4/libcli/raw/rawrequest.c
@@ -83,7 +83,7 @@ struct smbcli_request *smbcli_request_setup_nonsmb(struct smbcli_transport *tran
 	/* over allocate by a small amount */
 	req->out.allocated = req->out.size + REQ_OVER_ALLOCATION; 
 
-	req->out.buffer = talloc(req, req->out.allocated);
+	req->out.buffer = talloc_size(req, req->out.allocated);
 	if (!req->out.buffer) {
 		return NULL;
 	}
diff --git a/source4/libcli/raw/rawtrans.c b/source4/libcli/raw/rawtrans.c
index 95555c3a826..0ccecdc2d46 100644
--- a/source4/libcli/raw/rawtrans.c
+++ b/source4/libcli/raw/rawtrans.c
@@ -87,7 +87,7 @@ NTSTATUS smb_raw_trans2_recv(struct smbcli_request *req,
 
 	/* allocate it */
 	if (total_data != 0) {
-		tdata = talloc(mem_ctx, total_data);
+		tdata = talloc_size(mem_ctx, total_data);
 		if (!tdata) {
 			DEBUG(0,("smb_raw_receive_trans: failed to enlarge data buffer to %d bytes\n", total_data));
 			req->status = NT_STATUS_NO_MEMORY;
@@ -97,7 +97,7 @@ NTSTATUS smb_raw_trans2_recv(struct smbcli_request *req,
 	}
 
 	if (total_param != 0) {
-		tparam = talloc(mem_ctx, total_param);
+		tparam = talloc_size(mem_ctx, total_param);
 		if (!tparam) {
 			DEBUG(0,("smb_raw_receive_trans: failed to enlarge param buffer to %d bytes\n", total_param));
 			req->status = NT_STATUS_NO_MEMORY;
@@ -111,7 +111,7 @@ NTSTATUS smb_raw_trans2_recv(struct smbcli_request *req,
 
 	if (parms->out.setup_count > 0) {
 		int i;
-		parms->out.setup = talloc(mem_ctx, 2 * parms->out.setup_count);
+		parms->out.setup = talloc_array(mem_ctx, 2, parms->out.setup_count, "setup");
 		if (!parms->out.setup) {
 			req->status = NT_STATUS_NO_MEMORY;
 			return smbcli_request_destroy(req);
@@ -439,7 +439,7 @@ NTSTATUS smb_raw_nttrans_recv(struct smbcli_request *req,
 
 	if (parms->out.setup_count > 0) {
 		int i;
-		parms->out.setup = talloc(mem_ctx, 2 * parms->out.setup_count);
+		parms->out.setup = talloc_array(mem_ctx, 2, parms->out.setup_count, "setup");
 		if (!parms->out.setup) {
 			req->status = NT_STATUS_NO_MEMORY;
 			return smbcli_request_destroy(req);
diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c
index 368278708ac..d76f9fa2392 100644
--- a/source4/libcli/security/dom_sid.c
+++ b/source4/libcli/security/dom_sid.c
@@ -98,7 +98,7 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 	}
 
 	maxlen = sid->num_auths * 11 + 25;
-	ret = talloc(mem_ctx, maxlen);
+	ret = talloc_size(mem_ctx, maxlen);
 	if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)");
 
 	ia = (sid->id_auth[5]) +
diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c
index 2bf29f91619..52ba0225c9f 100644
--- a/source4/libcli/util/asn1.c
+++ b/source4/libcli/util/asn1.c
@@ -424,7 +424,7 @@ BOOL asn1_read_sequence_until(int sock, struct asn1_data *data,
 		len = b;
 	}
 
-	buf = talloc(NULL, len);
+	buf = talloc_size(NULL, len);
 	if (buf == NULL)
 		return False;
 
@@ -548,7 +548,7 @@ BOOL asn1_read_GeneralString(struct asn1_data *data, char **s)
 		data->has_error = True;
 		return False;
 	}
-	*s = talloc(NULL, len+1);
+	*s = talloc_size(NULL, len+1);
 	if (! *s) {
 		data->has_error = True;
 		return False;
diff --git a/source4/librpc/ndr/ndr.c b/source4/librpc/ndr/ndr.c
index 44915bac5ba..9ec22cdb794 100644
--- a/source4/librpc/ndr/ndr.c
+++ b/source4/librpc/ndr/ndr.c
@@ -128,7 +128,7 @@ struct ndr_push *ndr_push_init_ctx(TALLOC_CTX *mem_ctx)
 
 	ndr->flags = 0;
 	ndr->alloc_size = NDR_BASE_MARSHALL_SIZE;
-	ndr->data = talloc(ndr, ndr->alloc_size);
+	ndr->data = talloc_array_p(ndr, uint8_t, ndr->alloc_size);
 	if (!ndr->data) {
 		return NULL;
 	}
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 3fe2d87475e..9a8de8c0ad6 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -1032,7 +1032,7 @@ static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_pipe *p,
 	NTSTATUS status;
 	DATA_BLOB blob2;
 
-	st = talloc(mem_ctx, struct_size);
+	st = talloc_size(mem_ctx, struct_size);
 	if (!st) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1096,7 +1096,7 @@ static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_pipe *p,
 	NTSTATUS status;
 	DATA_BLOB blob, blob2;
 
-	st = talloc(mem_ctx, struct_size);
+	st = talloc_size(mem_ctx, struct_size);
 	if (!st) {
 		return NT_STATUS_NO_MEMORY;
 	}
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index 407bd38f745..051e92b19ce 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -713,8 +713,10 @@ NTSTATUS ntvfs_map_fileinfo(struct smbsrv_request *req, union smb_fileinfo *info
 	case RAW_FILEINFO_STREAM_INFORMATION:
 		info->stream_info.out.num_streams = info2->generic.out.num_streams;
 		if (info->stream_info.out.num_streams > 0) {
-			info->stream_info.out.streams = talloc(req, 
-				info->stream_info.out.num_streams * sizeof(struct stream_struct));
+			info->stream_info.out.streams = 
+				talloc_array_p(req, 
+					       struct stream_struct,
+					       info->stream_info.out.num_streams);
 			if (!info->stream_info.out.streams) {
 				DEBUG(2,("ntvfs_map_fileinfo: no memory for %d streams\n",
 					info->stream_info.out.num_streams));
@@ -751,8 +753,9 @@ NTSTATUS ntvfs_map_fileinfo(struct smbsrv_request *req, union smb_fileinfo *info
 	case RAW_FILEINFO_ALL_EAS:
 		info->all_eas.out.num_eas = info2->generic.out.num_eas;
 		if (info->all_eas.out.num_eas > 0) {
-			info->all_eas.out.eas = talloc(req, 
-				info->all_eas.out.num_eas * sizeof(struct ea_struct));
+			info->all_eas.out.eas = talloc_array_p(req, 
+							       struct ea_struct,
+							       info->all_eas.out.num_eas);
 			if (!info->all_eas.out.eas) {
 				DEBUG(2,("ntvfs_map_fileinfo: no memory for %d eas\n",
 					info->all_eas.out.num_eas));
diff --git a/source4/ntvfs/posix/pvfs_rename.c b/source4/ntvfs/posix/pvfs_rename.c
index 8e057f214b9..3203f7fa86d 100644
--- a/source4/ntvfs/posix/pvfs_rename.c
+++ b/source4/ntvfs/posix/pvfs_rename.c
@@ -35,7 +35,7 @@ static const char *pvfs_resolve_wildcard_component(TALLOC_CTX *mem_ctx,
 	char *dest, *d;
 
 	/* the length is bounded by the length of the two strings combined */
-	dest = talloc(mem_ctx, strlen(fname) + strlen(pattern) + 1);
+	dest = talloc_size(mem_ctx, strlen(fname) + strlen(pattern) + 1);
 	if (dest == NULL) {
 		return NULL;
 	}
diff --git a/source4/ntvfs/posix/pvfs_resolve.c b/source4/ntvfs/posix/pvfs_resolve.c
index 4ad34767950..fc1576b9554 100644
--- a/source4/ntvfs/posix/pvfs_resolve.c
+++ b/source4/ntvfs/posix/pvfs_resolve.c
@@ -412,7 +412,7 @@ static NTSTATUS pvfs_reduce_name(TALLOC_CTX *mem_ctx, const char **fname, uint_t
 	}
 
 	/* rebuild the name */
-	ret = talloc(mem_ctx, len+1);
+	ret = talloc_size(mem_ctx, len+1);
 	if (ret == NULL) {
 		talloc_free(s);
 		return NT_STATUS_NO_MEMORY;
diff --git a/source4/ntvfs/posix/pvfs_util.c b/source4/ntvfs/posix/pvfs_util.c
index 6026b9fbf38..eb0f04728c0 100644
--- a/source4/ntvfs/posix/pvfs_util.c
+++ b/source4/ntvfs/posix/pvfs_util.c
@@ -89,7 +89,7 @@ NTSTATUS pvfs_copy_file(struct pvfs_state *pvfs,
 	mode_t mode;
 	NTSTATUS status;
 	size_t buf_size = 0x10000;
-	char *buf = talloc(name2, buf_size);
+	char *buf = talloc_size(name2, buf_size);
 
 	if (buf == NULL) {
 		return NT_STATUS_NO_MEMORY;
@@ -134,6 +134,7 @@ NTSTATUS pvfs_copy_file(struct pvfs_state *pvfs,
 		}
 	}
 
+	talloc_free(buf);
 	close(fd1);
 
 	mode = pvfs_fileperms(pvfs, name1->dos.attrib);
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index da23dd02efc..526ec8b85b0 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -1086,7 +1086,7 @@ static const char *lp_string(const char *s)
 	if (!lp_talloc)
 		lp_talloc = talloc_init("lp_talloc");
 
-	ret = (char *)talloc(lp_talloc, len + 100);	/* leave room for substitution */
+	ret = talloc_array_p(lp_talloc, char, len + 100);	/* leave room for substitution */
 
 	if (!ret)
 		return NULL;
diff --git a/source4/rpc_server/echo/rpc_echo.c b/source4/rpc_server/echo/rpc_echo.c
index 543bca1073c..e5c1ee56cee 100644
--- a/source4/rpc_server/echo/rpc_echo.c
+++ b/source4/rpc_server/echo/rpc_echo.c
@@ -37,11 +37,10 @@ static NTSTATUS echo_EchoData(struct dcesrv_call_state *dce_call, TALLOC_CTX *me
 		return NT_STATUS_OK;
 	}
 
-	r->out.out_data = talloc(mem_ctx, r->in.len);
+	r->out.out_data = talloc_memdup(mem_ctx, r->in.in_data, r->in.len);
 	if (!r->out.out_data) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	memcpy(r->out.out_data, r->in.in_data, r->in.len);
 
 	return NT_STATUS_OK;
 }
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index 3bf917ac718..8feb54a500c 100644
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -77,7 +77,7 @@ static NTSTATUS remote_op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_CT
 		return NT_STATUS_NET_WRITE_FAULT;
 	}
 
-	*r = talloc(mem_ctx, table->calls[opnum].struct_size);
+	*r = talloc_size(mem_ctx, table->calls[opnum].struct_size);
 	if (!*r) {
 		return NT_STATUS_NO_MEMORY;
 	}
diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c
index 980f48bf57e..0b49512663c 100644
--- a/source4/smb_server/reply.c
+++ b/source4/smb_server/reply.c
@@ -45,7 +45,7 @@
 	
 /* useful wrapper for talloc with NO_MEMORY reply */
 #define REQ_TALLOC(ptr, size) do { \
-	ptr = talloc(req, size); \
+	ptr = talloc_size(req, size); \
 	if (!ptr) { \
 		req_reply_error(req, NT_STATUS_NO_MEMORY); \
 		return; \
@@ -696,7 +696,7 @@ void reply_readbraw(struct smbsrv_request *req)
 	/* before calling the backend we setup the raw buffer. This
 	 * saves a copy later */
 	req->out.size = io.readbraw.in.maxcnt + NBT_HDR_SIZE;
-	req->out.buffer = talloc(req, req->out.size);
+	req->out.buffer = talloc_size(req, req->out.size);
 	if (req->out.buffer == NULL) {
 		goto failed;
 	}
@@ -720,7 +720,7 @@ void reply_readbraw(struct smbsrv_request *req)
 failed:
 	/* any failure in readbraw is equivalent to reading zero bytes */
 	req->out.size = 4;
-	req->out.buffer = talloc(req, req->out.size);
+	req->out.buffer = talloc_size(req, req->out.size);
 	SIVAL(req->out.buffer, 0, 0); /* init NBT header */
 
 	req_send_reply_nosign(req);
diff --git a/source4/smb_server/request.c b/source4/smb_server/request.c
index 417d5fbcfcf..bd33e8cfc76 100644
--- a/source4/smb_server/request.c
+++ b/source4/smb_server/request.c
@@ -120,7 +120,7 @@ void req_setup_reply(struct smbsrv_request *req, uint_t wct, uint_t buflen)
 	/* over allocate by a small amount */
 	req->out.allocated = req->out.size + REQ_OVER_ALLOCATION; 
 
-	req->out.buffer = talloc(req, req->out.allocated);
+	req->out.buffer = talloc_size(req, req->out.allocated);
 	if (!req->out.buffer) {
 		smbsrv_terminate_connection(req->smb_conn, "allocation failed");
 		return;
diff --git a/source4/smb_server/search.c b/source4/smb_server/search.c
index b017c996ef2..3ec66a0f334 100644
--- a/source4/smb_server/search.c
+++ b/source4/smb_server/search.c
@@ -45,7 +45,7 @@
 
 /* useful wrapper for talloc with NO_MEMORY reply */
 #define REQ_TALLOC(ptr) do { \
-	ptr = talloc(req, sizeof(*(ptr))); \
+	ptr = talloc_size(req, sizeof(*(ptr))); \
 	if (!ptr) { \
 		req_reply_error(req, NT_STATUS_NO_MEMORY); \
 		return; \
diff --git a/source4/torture/basic/charset.c b/source4/torture/basic/charset.c
index 5154da85630..af6020da17a 100644
--- a/source4/torture/basic/charset.c
+++ b/source4/torture/basic/charset.c
@@ -41,7 +41,7 @@ static NTSTATUS unicode_open(struct smbcli_tree *tree,
 	int i;
 	NTSTATUS status;
 
-	ucs_name = talloc(mem_ctx, (1+u_name_len)*2);
+	ucs_name = talloc_size(mem_ctx, (1+u_name_len)*2);
 	if (!ucs_name) {
 		printf("Failed to create UCS2 Name - talloc() failure\n");
 		return NT_STATUS_NO_MEMORY;
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
index 01b4022d324..5d8c7bf8fdb 100644
--- a/source4/torture/gentest.c
+++ b/source4/torture/gentest.c
@@ -1330,8 +1330,8 @@ static BOOL handler_readx(int instance)
 	parm[0].readx.in.mincnt = gen_io_count();
 	parm[0].readx.in.maxcnt = gen_io_count();
 	parm[0].readx.in.remaining = gen_io_count();
-	parm[0].readx.out.data = talloc(current_op.mem_ctx,
-					MAX(parm[0].readx.in.mincnt, parm[0].readx.in.maxcnt));
+	parm[0].readx.out.data = talloc_size(current_op.mem_ctx,
+					     MAX(parm[0].readx.in.mincnt, parm[0].readx.in.maxcnt));
 
 	GEN_COPY_PARM;
 	GEN_SET_FNUM(readx.in.fnum);
@@ -1392,8 +1392,9 @@ static BOOL handler_lockingx(int instance)
 	} while (nlocks == 0);
 
 	if (nlocks > 0) {
-		parm[0].lockx.in.locks = talloc(current_op.mem_ctx,
-						sizeof(parm[0].lockx.in.locks[0]) * nlocks);
+		parm[0].lockx.in.locks = talloc_array_p(current_op.mem_ctx,
+							struct smb_lock_entry,
+							nlocks);
 		for (n=0;n<nlocks;n++) {
 			parm[0].lockx.in.locks[n].pid = gen_pid();
 			parm[0].lockx.in.locks[n].offset = gen_offset();
diff --git a/source4/torture/raw/streams.c b/source4/torture/raw/streams.c
index 16c1bee3f11..dd03e1a1251 100644
--- a/source4/torture/raw/streams.c
+++ b/source4/torture/raw/streams.c
@@ -71,7 +71,7 @@ static BOOL check_stream(struct smbcli_state *cli, TALLOC_CTX *mem_ctx,
 		return False;
 	}
 
-	buf = talloc(mem_ctx, strlen(value)+11);
+	buf = talloc_size(mem_ctx, strlen(value)+11);
 	
 	ret = smbcli_read(cli->tree, fnum, buf, 0, strlen(value)+11);
 	if (ret != strlen(value)) {
diff --git a/source4/torture/rpc/echo.c b/source4/torture/rpc/echo.c
index 5db438afd0b..c547c71a831 100644
--- a/source4/torture/rpc/echo.c
+++ b/source4/torture/rpc/echo.c
@@ -62,8 +62,8 @@ static BOOL test_echodata(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 
 	printf("\nTesting EchoData\n");
 
-	data_in = talloc(mem_ctx, len);
-	data_out = talloc(mem_ctx, len);
+	data_in = talloc_size(mem_ctx, len);
+	data_out = talloc_size(mem_ctx, len);
 	for (i=0;i<len;i++) {
 		data_in[i] = i;
 	}
@@ -109,7 +109,7 @@ static BOOL test_sourcedata(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 
 	printf("\nTesting SourceData\n");
 
-	data_out = talloc(mem_ctx, len);
+	data_out = talloc_size(mem_ctx, len);
 
 	r.in.len = len;
 	r.out.data = data_out;
@@ -144,7 +144,7 @@ static BOOL test_sinkdata(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 
 	printf("\nTesting SinkData\n");
 
-	data_in = talloc(mem_ctx, len);
+	data_in = talloc_size(mem_ctx, len);
 	for (i=0;i<len;i++) {
 		data_in[i] = i+1;
 	}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 35f64933a9d..93755fd0495 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -346,10 +346,10 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 	generate_random_buffer(ninfo.challenge, 
 			       sizeof(ninfo.challenge));
 	ninfo.nt.length = 24;
-	ninfo.nt.data = talloc(mem_ctx, 24);
+	ninfo.nt.data = talloc_size(mem_ctx, 24);
 	SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
 	ninfo.lm.length = 24;
-	ninfo.lm.data = talloc(mem_ctx, 24);
+	ninfo.lm.data = talloc_size(mem_ctx, 24);
 	SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
 
 	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 171e615196a..d90f1618497 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -58,7 +58,7 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 			       sizeof(ninfo.challenge));
 	if (nt_hash) {
 		ninfo.nt.length = 24;
-		ninfo.nt.data = talloc(mem_ctx, 24);
+		ninfo.nt.data = talloc_size(mem_ctx, 24);
 		SMBOWFencrypt(nt_hash->hash, ninfo.challenge, ninfo.nt.data);
 	} else {
 		ninfo.nt.length = 0;
@@ -67,7 +67,7 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	
 	if (lm_hash) {
 		ninfo.lm.length = 24;
-		ninfo.lm.data = talloc(mem_ctx, 24);
+		ninfo.lm.data = talloc_size(mem_ctx, 24);
 		SMBOWFencrypt(lm_hash->hash, ninfo.challenge, ninfo.lm.data);
 	} else {
 		ninfo.lm.length = 0;
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 75fbe709b5e..5ec466f0c13 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -79,10 +79,10 @@ static BOOL test_netlogon_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	generate_random_buffer(ninfo.challenge, 
 			       sizeof(ninfo.challenge));
 	ninfo.nt.length = 24;
-	ninfo.nt.data = talloc(mem_ctx, 24);
+	ninfo.nt.data = talloc_size(mem_ctx, 24);
 	SMBNTencrypt(password, ninfo.challenge, ninfo.nt.data);
 	ninfo.lm.length = 24;
-	ninfo.lm.data = talloc(mem_ctx, 24);
+	ninfo.lm.data = talloc_size(mem_ctx, 24);
 	SMBencrypt(password, ninfo.challenge, ninfo.lm.data);
 
 
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
index efdf60bd3d1..256f92b974f 100644
--- a/source4/torture/rpc/svcctl.c
+++ b/source4/torture/rpc/svcctl.c
@@ -50,7 +50,7 @@ static BOOL test_EnumServicesStatus(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) {
 		r.in.buf_size = r.out.bytes_needed;
-		r.out.service = talloc(mem_ctx, r.out.bytes_needed);
+		r.out.service = talloc_size(mem_ctx, r.out.bytes_needed);
 		
 		status = dcerpc_svcctl_EnumServicesStatusW(p, mem_ctx, &r);
 
diff --git a/source4/torture/rpc/xplogin.c b/source4/torture/rpc/xplogin.c
index 5cd163039f6..c50a489e422 100644
--- a/source4/torture/rpc/xplogin.c
+++ b/source4/torture/rpc/xplogin.c
@@ -730,8 +730,7 @@ static NTSTATUS test_getgroups(struct smbcli_transport *transport,
 
 		l.in.domain_handle = &domain_handle;
 		l.in.num_rids = g.out.rids->count;
-		l.in.rids = talloc(mem_ctx,
-				   g.out.rids->count * sizeof(uint32_t));
+		l.in.rids = talloc_array_p(mem_ctx, uint32_t, g.out.rids->count);
 
 		for (i=0; i<g.out.rids->count; i++)
 			l.in.rids[i] = g.out.rids->rid[i].rid;
diff --git a/source4/utils/getntacl.c b/source4/utils/getntacl.c
index 034224c66d2..762167a93ae 100644
--- a/source4/utils/getntacl.c
+++ b/source4/utils/getntacl.c
@@ -112,7 +112,7 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
-	data = talloc(mem_ctx, size);
+	data = talloc_size(mem_ctx, size);
 
 	size = getxattr(argv[1], "security.ntacl", data, size);
 
-- 
2.11.4.GIT