[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SEGFAULT with NULL backend suffix definition (ITS#23)

Dammit! I've found a bug :)

back-ldbm/search.c - call to subtree_candidate with UNINITIALIZED char *
On exit, where nothing was found, matched still NOT NULL and on following
call free(matched), arbitraty data (in my case, it was Op structure -
garbage was left on stack by previous call ) will freed. Any next calloc
will owerwrite op structure and cause unpredictable results.

So - just init matched on declare time

char    *    matched = NULL;

I've tested my configuration with this patch. all ok. I don't know, why this
error was not occured in 1.0 and 1.1.1 :) Maybe the moon was in proper stage
while you wrote 1.1 :)

P.S. as i noticed, all calls to functions that has a matched-like pointer in
args preceed by setting matched to NULL.
-----Original Message-----
From: Kurt D. Zeilenga <Kurt@OpenLDAP.Org>
To: starder@rosinter.ru <starder@rosinter.ru>
Cc: openldap-its@OpenLDAP.Org <openldap-its@OpenLDAP.Org>
Date: 28 äåêàáðÿ 1998 ã. 2:58
Subject: Re: SEGFAULT with NULL backend suffix definition (ITS#23)

>At 10:03 PM 12/27/98 GMT, starder@rosinter.ru wrote:
>>BTW 1.0 and 1.1 as i wrote, working fine with the same config and the
>>same database.
>It is interesting that you do not see this with OpenLDAP 1.1.0.
>I ask you double check your prior tests and make sure the slapd.conf
>and initial LDIF data is the same.  You might also see if you can
>duplicate it --without-threads.
>The only difference I can find between 1.1.0 and 1.1.1 that impacts
>searches is the realBase handling in ldbm_back_search().   In 1.1.0,
>there was an extraneous free() and realbase was being leaked.  The
>extraneous free() was removed and many of the realbase leaks plugged.
>It might be interesting to see if this change (applied to 1.1.0 and/or
>backed out of 1.1.1) has any impact upon the results.