Re: SEGFAULT with NULL backend suffix definition (ITS#23)
Dammit! I've found a bug :)
back-ldbm/search.c - call to subtree_candidate with UNINITIALIZED char *
On exit, where nothing was found, matched is still NOT NULL, and on the following
call free(matched), arbitrary data (in my case it was the Op structure -
garbage left on the stack by a previous call) will be freed. Any next calloc
will overwrite the op structure and cause unpredictable results.
So - just init matched at declaration time:
char * matched = NULL;
I've tested my configuration with this patch. All OK. I don't know why this
error did not occur in 1.0 and 1.1.1 :) Maybe the moon was in the proper stage
while you wrote 1.1 :)
P.S. As I noticed, all calls to functions that have a matched-like pointer in
their args are preceded by setting matched to NULL.
From: Kurt D. Zeilenga <Kurt@OpenLDAP.Org>
To: firstname.lastname@example.org <email@example.com>
Cc: openldap-its@OpenLDAP.Org <openldap-its@OpenLDAP.Org>
Date: 28 December 1998, 2:58
Subject: Re: SEGFAULT with NULL backend suffix definition (ITS#23)
>At 10:03 PM 12/27/98 GMT, firstname.lastname@example.org wrote:
>>BTW 1.0 and 1.1 as i wrote, working fine with the same config and the
>It is interesting that you do not see this with OpenLDAP 1.1.0.
>I ask you to double check your prior tests and make sure the slapd.conf
>and initial LDIF data is the same. You might also see if you can
>duplicate it --without-threads.
>The only difference I can find between 1.1.0 and 1.1.1 that impacts
>searches is the realBase handling in ldbm_back_search(). In 1.1.0,
>there was an extraneous free() and realbase was being leaked. The
>extraneous free() was removed and many of the realbase leaks plugged.
>It might be interesting to see if this change (applied to 1.1.0 and/or
>backed out of 1.1.1) has any impact upon the results.
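The bug pattern described in the report above (an out-parameter that the callee writes only on the "nothing found" path, a caller that never initializes it, and an unconditional free() afterwards), shown as an added example that is not OpenLDAP code. subtree_candidates, search_buggy, search_fixed and dn_has_suffix are hypothetical stand-ins for the back-ldbm functions, and the sample DNs are constructed; only the contract ("matched is set only when no candidates exist, and the caller frees it") is taken from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenLDAP code. Models the out-parameter contract the
 * thread describes: a search helper (stand-in for subtree_candidates) writes a
 * "matched DN" into a caller-supplied char ** only when it finds NO candidates,
 * and the caller free()s whatever comes back. Names and DNs are hypothetical. */

/* Constructed sample backend contents. */
static const char *const DNS[] = {
    "cn=alice,ou=people,o=example",
    "cn=bob,ou=people,o=example",
    "ou=people,o=example",
    "o=example",
};
#define NDNS (sizeof DNS / sizeof DNS[0])

/* malloc'd copy of s (portable stand-in for strdup). */
static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    if (p)
        memcpy(p, s, len);
    return p;
}

/* 1 if `base` is `dn` itself or a suffix of it at a component boundary. */
static int dn_has_suffix(const char *dn, const char *base)
{
    size_t dlen = strlen(dn), blen = strlen(base);
    if (blen > dlen || strcmp(dn + dlen - blen, base) != 0)
        return 0;
    return dlen == blen || dn[dlen - blen - 1] == ',';
}

/* Count entries at or below `base`. When the count is zero, set *matched to a
 * malloc'd copy of the longest existing ancestor of `base` (the LDAP "matched
 * DN"). If candidates exist, or no ancestor exists, *matched is deliberately
 * left UNTOUCHED: that is the contract that bites an uninitialized caller. */
static int subtree_candidates(const char *base, char **matched)
{
    int n = 0;
    const char *best = NULL;
    size_t bestlen = 0;

    for (size_t i = 0; i < NDNS; i++)
        if (dn_has_suffix(DNS[i], base))
            n++;
    if (n > 0)
        return n;

    for (size_t i = 0; i < NDNS; i++) {
        size_t len = strlen(DNS[i]);
        if (dn_has_suffix(base, DNS[i]) && len > bestlen) {
            best = DNS[i];
            bestlen = len;
        }
    }
    if (best)
        *matched = dup_str(best);
    return 0;
}

/* The caller as reported: whenever candidates exist, `matched` still holds
 * whatever was on the stack and free() is handed garbage. Undefined behaviour;
 * only reachable via the --buggy flag in main(). */
static int search_buggy(const char *base)
{
    char *matched;                              /* BUG: indeterminate value */
    int n = subtree_candidates(base, &matched);
    free(matched);                              /* UB whenever n > 0 */
    return n;
}

/* The one-line fix from the report: initialize at declaration. free(NULL) is
 * a no-op, so both paths are safe, and a NULL *matched_out tells the caller
 * that no matched DN was produced. */
static int search_fixed(const char *base, char **matched_out)
{
    char *matched = NULL;                       /* FIX */
    int n = subtree_candidates(base, &matched);
    if (matched_out)
        *matched_out = matched;                 /* caller owns it, NULL if none */
    else
        free(matched);                          /* safe even when NULL */
    return n;
}

int main(int argc, char **argv)
{
    const char *bases[] = { "ou=people,o=example", "ou=nosuch,o=example", "o=elsewhere" };
    for (size_t i = 0; i < 3; i++) {
        char *m = NULL;
        int n = search_fixed(bases[i], &m);
        printf("%-22s candidates=%d matched=%s\n", bases[i], n, m ? m : "(none)");
        free(m);
    }
    if (argc > 1 && strcmp(argv[1], "--buggy") == 0)
        printf("buggy: %d\n", search_buggy("ou=people,o=example"));
    return 0;
}
```

Build with `cc -Wall -fsanitize=address,undefined` and run with `--buggy` to exercise the original code path; the sanitizer normally aborts on the free() of a stack garbage pointer, which is the same corruption the report traces to the later calloc. Setting matched to NULL immediately before every such call, as the P.S. notes the rest of the code does, is equivalent to the fix; initializing at declaration simply makes it impossible to miss a path.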