bug in schemaparse.c (fwd)

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

This bugreport resembles ITS#25.  Please follow up, somebody;-)
I'm not sure how to see which branch was fixed in the cvs log quoted in
<URL:http://www.OpenLDAP.org/its/index.cgi?findid=25>, and how to fetch
that branch with cvs...

W. Bradley Rubenstein writes:
> I apologize for not putting this through the correct channels, but I'm
> quite new here.

That's no reason to send it to me.  Could you tell us what made you
steer away from the "correct channels" (openldap-bug@openldap.org or ITS
at <URL:http://www.openldap.org/its/>), so we can fix the text so other
newcomers will feel free to report bugs there?


> I just pulled OpenLDAP 1.1 and encountered a bug that
> corrupts the heap when the schema is built.
> 
> A quick look shows that the calls to charray_free in
> servers/slapd/schemaparse.c (rev 1.4 line 36 and 48) are freeing memory
> that is still in use (because charray_merge moves the internal pointers
> of the charray, so that the value of "s" is half-in-use,
> half-to-be-freed.
> 
> The parallel code in aclparse.c calls free() instead of charray_free()
> after charray_merge(), and doing that here fixes the problem.
> 
> I thought I'd bring it to your attention, in case you'd like to check in
> a change.
> 
> Thanks,
> 
> Brad
> 
> -- 
> Brad.Rubenstein@GS.COM
> Fixed Income Currency & Commodity Strategies
> Goldman, Sachs & Co.