[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7588) SSSVLV can cause segmentation fault
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7588) SSSVLV can cause segmentation fault
- From: hyc@symas.com
- Date: Mon, 13 May 2013 15:14:10 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
kevinanties@gmail.com wrote:
> Full_Name: kevin
> Version: 2.4.35
> OS: ubuntu
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (202.64.130.126)
>
>
> The problem is due to double free pointers in send_page() and free_sort_op()
> function.
>
> In send_page function, some nodes of so_tree have been free by ch_free and
> ber_memfree function. If a client suddenly aborts the connection, free_sort_op
> function will be called. In free_sort_op function, tavl_free() will be called
> and it try to free the nodes of so_tree. Hoverer, some of nodes had already free
> before and segmentation resulted.
>
> A possible solution is to to check whether it is a paged request in free_sort_op
> function. If yes, continuous to free the next node of so_tree but not free
> previous node.
Thanks for the report. The fix is simpler than that, and now in git master.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/