
Re: (ITS#7127) Syncrepl config uses freed data



h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: 2.4.21++, master
> OS:
> URL:
> Submission from: (NULL) (195.1.106.125)
> Submitted by: hallvard
>
>
> In syncrepl_config(), ldap_pvt_runqueue_remove() frees 're',
> then the retract statement reads 're->routine':
>
> 	ldap_pvt_runqueue_remove(&slapd_rq, re );
> 	ldap_pvt_thread_mutex_unlock(&slapd_rq.rq_mutex );
> 	if ( ldap_pvt_thread_pool_retract(&connection_pool,
> 		re->routine, re ) > 0 )
>
> Formally I think the pointer 're' itself is invalid after freeing it,
> so the ISO C-clean fix would involve calling retract() first.  If
> that's wrong:  I assume the thread pool is paused at this point, so
> the task can not be started (and use re) before it can be retracted,
> and we can just read re->routine before freeing re.

Makes sense. Fixed in master.
>
> Found by Valgrind in test063-delta-multimaster.


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
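
A minimal model of the ordering problem reported above, added here as an illustration; it is not OpenLDAP source and not the fix committed to master. `rq_entry`, `pool`, `rq_remove`, `pool_retract`, `sync_task` and both `teardown_*` functions are hypothetical stand-ins, and "freeing" is modelled as poisoning the entry in place so the stale read gives a deterministic result.

```c
#include <stddef.h>
/* Hypothetical model, not OpenLDAP code: "freeing" an entry poisons it in
 * place, so the stale read is observable without undefined behaviour. */
typedef void *(task_fn)(void *ctx, void *arg);
struct rq_entry { task_fn *routine; int freed; };        /* models 're' */
struct pool { task_fn *pending_fn; void *pending_arg; }; /* one queued task */

static void *sync_task(void *ctx, void *arg) { (void)ctx; return arg; }

/* Models ldap_pvt_runqueue_remove(): after this call 're' is dead. */
static void rq_remove(struct rq_entry *re)
{
    re->routine = NULL;   /* poison, as a debug allocator might */
    re->freed = 1;
}

/* Models ldap_pvt_thread_pool_retract(): cancels the queued task matching
 * (fn, arg). The model compares arg by value and never dereferences it. */
static int pool_retract(struct pool *p, task_fn *fn, void *arg)
{
    if (fn == NULL || p->pending_fn != fn || p->pending_arg != arg)
        return 0;
    p->pending_fn = NULL;
    p->pending_arg = NULL;
    return 1;
}

/* Order from the report: remove first, then read re->routine (stale). */
static int teardown_reported(struct pool *p, struct rq_entry *re)
{
    rq_remove(re);
    return pool_retract(p, re->routine, re);
}

/* Reordered: retract while 're' is still live, then remove it. */
static int teardown_retract_first(struct pool *p, struct rq_entry *re)
{
    int retracted = pool_retract(p, re->routine, re);
    rq_remove(re);
    return retracted;
}

int main(void)
{
    struct rq_entry a = { sync_task, 0 }, b = { sync_task, 0 };
    struct pool pa = { sync_task, &a }, pb = { sync_task, &b };
    /* reported order leaves the task queued (0); reordered retracts it (1) */
    return !(teardown_reported(&pa, &a) == 0 && teardown_retract_first(&pb, &b) == 1);
}
```

The other alternative in the report, copying `re->routine` into a local before the remove call, avoids the stale field read but still passes the freed pointer value to the retract call.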