
Re: reference through null pointer and memory leak (related to ITS#7588)



jdhgit@yahoo.com wrote:
> Full_Name: John Hardin
> Version: master
> OS: Centos 6.4
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (50.23.115.111)
>
>
> The commit for ITS#7588 causes a crash if next_node is NULL:
>
>          /* Set the first entry to send for the next page */
>          so->so_tree = next_node;
> +       next_node->avl_left = NULL;
>
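
Review bot: The added line "next_node->avl_left = NULL;" dereferences next_node unconditionally, directly after "so->so_tree = next_node;", and nothing in the hunk establishes that next_node is non-NULL at that point. Guard the store, for example "if ( next_node ) next_node->avl_left = NULL;", and extend the comment to say when next_node can be NULL here so the check is not dropped in a later cleanup.
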
> next_node will be NULL if all entries have been sent, or if slapd_shutdown is
> true.

Thanks for pointing this out, will fix it shortly.

> Another issue related to ITS#7588 is a memory leak when a sorted search with
> paged results is aborted. This may be because so->so_tree is not the root of the
> tree when free_sort_op() calls tavl_free().

Not being root of the tree is irrelevant. The tree is threaded, and every 
remaining node is connected by its preceding node's right child pointer. The 
tavl_free() function recurses over all of the right and left children, so this 
should not be a problem.

Can you post a test case that demonstrates the leak?

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/