[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3914) test030-relay frees already-freed memory
ando@sys-net.it wrote:
> h.b.furuseth@usit.uio.no wrote:
>
>
>>> I think I've spotted the problem; the fix is in HEAD.
>>>
>>>
>>>
>> Yes, the crash has moved again:-)
>>
>>
>>
> After applying your patch, I'm seeing something __really__ weird: now
> valgrind yiells because memory is being freed twice; but slapd just
> works fine, even with MALLOC_CHECK_=2. If I step in with gdb, I note
> that performing the ldapcompare that's in test030 (with my latest
> commit, rwm.c 1.62->1.63) the ava gets rewritten... in place! After
> ber_dupbv()'ing the new value in the just free()'d
> op->orc_ava->aa_value, the berval gets exactly the same memory it had
> initially, but it's being malloc()'ed again by ber_dupbv(). I suspect
> the fact that it gets __exactly__ the same memory tricks some memory
> checkers like valgrind (and purify? I didn't check with it). Do you
> still get the crash __without__ purify?
>
Might want to try again with ElectricFence, or see if the other tools
have an option to retain freed memory on a separate list (and delay it)
before making it available for re-use.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/