[Date Prev][Date Next] [Chronological] [Thread] [Top]

malloc bugs

derefDN() in servers/slapd/back-ldbm/alias.c is broken:
  It may free() `dn' (and maybe other variables) without resetting them,
  and they wil then be used later (e.g. dn is used after the for loop).
  Nor am I sure what it is supposed to return in all cases, or whether
  or not it is always supposed to return newly allocated data.

Somebody who knows db-1.85 and Sleepycat should check this:
  Files: include/ldbm.h, libraries/libldbm/ldbm.c.
  All ldbm functions except some versions of ldbm_<first/next>_key
  appear to return newly allocated data which the caller should free.
  (If the underlying database doesn't malloc the data, then ldbm does it
  for you - and ldbm_datum_free reflects whether or not the underlying
  service does malloc).  So, ldbm_datum_free() should probably only be
  used on data from ldbm_<first/next>key; other data should be plain
  free()d.  Today, ldbm_datum_free is used on all kinds of Datum values.