
Re: (ITS#5687) corrupted double-linked list on shutdown



Quanah,

I'm not seeing failures like yours, but valgrind is telling me that 
there is still a double-free in rwm in case of CTRL^C (apart from the 
listener-related one, which occurs very often):

==12729== Thread 7:
==12729== Invalid free() / delete / delete[]
==12729==    at 0x4004FDA: free (vg_replace_malloc.c:233)
==12729==    by 0x8240855: ber_memfree_x (memory.c:152)
==12729==    by 0x80E5277: slap_sl_free (sl_malloc.c:451)
==12729==    by 0x80874AF: do_search (search.c:221)
==12729==    by 0x8084347: connection_operation (connection.c:1084)
==12729==    by 0x8084834: connection_read_thread (connection.c:1211)
==12729==    by 0x820F460: ldap_int_thread_pool_wrapper (tpool.c:663)
==12729==    by 0xDEB46A: start_thread (in /lib/libpthread-2.5.so)
==12729==    by 0xD42DBD: clone (in /lib/libc-2.5.so)
==12729==  Address 0x44F7908 is 0 bytes inside a block of size 19 free'd
==12729==    at 0x4004FDA: free (vg_replace_malloc.c:233)
==12729==    by 0x8240855: ber_memfree_x (memory.c:152)
==12729==    by 0x80A5A31: ch_free (ch_malloc.c:139)
==12729==    by 0x81E1DC0: rwm_op_cleanup (rwm.c:65)
==12729==    by 0x80976CD: slap_cleanup_play (result.c:341)
==12729==    by 0x8097DEA: send_ldap_response (result.c:522)
==12729==    by 0x809850E: slap_send_ldap_result (result.c:642)
==12729==    by 0x812D806: ldap_back_search (search.c:544)
==12729==    by 0x80F7E40: glue_sub_search (backglue.c:340)
==12729==    by 0x80F83A9: glue_op_search (backglue.c:452)
==12729==    by 0x80FAD2F: overlay_op_walk (backover.c:657)
==12729==    by 0x80FAF64: over_op_func (backover.c:719)
==12729==    by 0x80FAFE8: over_op_search (backover.c:741)
==12729==    by 0x8087ADB: fe_op_search (search.c:366)
==12729==    by 0x80FADAF: overlay_op_walk (backover.c:667)
==12729==    by 0x80FAF64: over_op_func (backover.c:719)
==12729==    by 0x80FAFE8: over_op_search (backover.c:741)
==12729==    by 0x8087483: do_search (search.c:217)
==12729==    by 0x8084347: connection_operation (connection.c:1084)
==12729==    by 0x8084834: connection_read_thread (connection.c:1211)
==12729==


It seems that rwm_op_cleanup() frees the massaged DN but does not 
restore the original values, since do_search frees it again.  I guess 
the dn does get massaged, since r_dn is not null.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
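
The ownership mistake described in the message above, reduced to a standalone C sketch. This is an added example, not OpenLDAP or rwm code: `struct op`, `massage`, the two cleanup functions and the tracked allocator are all constructed for illustration. A cleanup that frees the rewritten DN without restoring the original pointer leaves the caller to free the same block a second time.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not OpenLDAP types: a request whose DN an
 * overlay temporarily replaces with a rewritten ("massaged") copy. */
struct op { char *dn; char *saved_dn; };
/* Tiny tracked allocator: a second free is counted, not executed. */
static void *live[8]; static int double_frees;
static char *t_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    strcpy(p, s);
    for (int i = 0; i < 8; i++)
        if (!live[i]) { live[i] = p; return p; }
    abort();
}
static void t_free(void *p) {
    if (!p) return;
    for (int i = 0; i < 8; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;   /* block was already released */
}
static void massage(struct op *op) {   /* swap in the rewritten DN */
    op->saved_dn = op->dn;
    op->dn = t_strdup("cn=rewritten,dc=example,dc=com");
}
/* Pattern from the message: frees the rewritten DN, leaves op->dn dangling. */
static void cleanup_no_restore(struct op *op) { t_free(op->dn); }
/* Frees the rewritten DN and puts the caller's original pointer back. */
static void cleanup_restore(struct op *op) {
    if (!op->saved_dn) return;
    t_free(op->dn);
    op->dn = op->saved_dn;
    op->saved_dn = NULL;
}
/* Caller frees op->dn when the request ends; returns double frees seen. */
static int run_request(void (*cleanup)(struct op *)) {
    struct op op = { t_strdup("cn=orig,dc=example,dc=com"), NULL };
    double_frees = 0;
    massage(&op);
    cleanup(&op);
    t_free(op.dn);         /* the caller's own free of the request DN */
    t_free(op.saved_dn);   /* harness only: release what cleanup left behind */
    return double_frees;
}
int main(void) {
    printf("no restore: %d, restore: %d double free(s)\n",
           run_request(cleanup_no_restore), run_request(cleanup_restore));
}
```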