[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7588) SSSVLV can cause segmentation fault

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7588) SSSVLV can cause segmentation fault
From: hyc@symas.com
Date: Mon, 13 May 2013 15:14:10 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

kevinanties@gmail.com wrote:
> Full_Name: kevin
> Version: 2.4.35
> OS: ubuntu
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (202.64.130.126)
>
>
> The problem is due to double free pointers in send_page() and free_sort_op()
> function.
>
> In send_page function, some nodes of so_tree have been free by ch_free and
> ber_memfree function. If a client suddenly aborts the connection, free_sort_op
> function will be called. In free_sort_op function, tavl_free() will be called
> and it try to free the nodes of so_tree. Hoverer, some of nodes had already free
> before and segmentation resulted.
>
> A possible solution is to to check whether it is a paged request in free_sort_op
> function. If yes, continuous to free the next node of so_tree but not free
> previous node.

Thanks for the report. The fix is simpler than that, and now in git master.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#7589) MDB nodesize issues
Next by Date: (ITS#7590) admin24 incorrectly says "back-bdb" is recommended
Index(es):
- Chronological
- Thread