[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
malloc bugs
derefDN() in servers/slapd/back-ldbm/alias.c is broken:
It may free() `dn' (and maybe other variables) without resetting them,
and they wil then be used later (e.g. dn is used after the for loop).
Nor am I sure what it is supposed to return in all cases, or whether
or not it is always supposed to return newly allocated data.
Somebody who knows db-1.85 and Sleepycat should check this:
Files: include/ldbm.h, libraries/libldbm/ldbm.c.
All ldbm functions except some versions of ldbm_<first/next>_key
appear to return newly allocated data which the caller should free.
(If the underlying database doesn't malloc the data, then ldbm does it
for you - and ldbm_datum_free reflects whether or not the underlying
service does malloc). So, ldbm_datum_free() should probably only be
used on data from ldbm_<first/next>key; other data should be plain
free()d. Today, ldbm_datum_free is used on all kinds of Datum values.
--
Hallvard