
Re: SEGFAULT with NULL backend suffix definition (ITS#23)

Alex Iliynsky wrote:
> >Dammit! I've found a bug :)
> >
> >back-ldbm/search.c - call to subtree_candidate with UNINITIALIZED char *
> >matched.
> >On exit, where nothing was found, matched still NOT NULL and on following
> >call free(matched), arbitrary data (in my case, it was the Op structure -
> >garbage was left on the stack by a previous call) will be freed. Any next calloc
> >will overwrite the op structure and cause unpredictable results.
> >
> >So - just init matched on declare time
> >
> >char    *    matched = NULL;
> I took another look at the code, and think that the best place to init matched is
> subtree_candidates before dn2entry_r(). But it can depend..

I've just initialized matched where declared in ldbm_back_search() to NULL as
dn2entry_r() may never be reached. See search.c rev 1.18.
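The pattern behind this bug, as an added illustration (not code from the OpenLDAP tree): a lookup routine that only assigns the out-pointer on a partial match, and a caller that frees it unconditionally. The lookup function `lookup_entry()`, the caller `search_entry()` and the two-entry "database" are constructed stand-ins for dn2entry_r() and ldbm_back_search(); the point shown is that initialising `matched` to NULL at declaration makes the unconditional free() a defined no-op on the miss path, which is exactly the fix described above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable strdup replacement (strdup is POSIX, not ISO C). */
static char *copy_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

/* Constructed stand-in for the backend lookup. It assigns *matched only
 * when a partial (parent) match exists; on a complete miss it leaves
 * *matched untouched. That contract is what bit the original caller:
 * an uninitialised pointer came back unchanged and was then freed. */
static int lookup_entry(const char *dn, char **matched)
{
    /* constructed "database": one entry under one parent */
    static const char entry_dn[]  = "cn=alice,dc=example,dc=com";
    static const char parent_dn[] = "dc=example,dc=com";
    size_t plen = strlen(parent_dn), dlen = strlen(dn);

    if (strcmp(dn, entry_dn) == 0)
        return 1;                           /* exact hit: matched stays unset */
    if (dlen > plen && strcmp(dn + dlen - plen, parent_dn) == 0) {
        *matched = copy_string(parent_dn);  /* partial match: caller must free */
        return 0;
    }
    return 0;                               /* total miss: matched untouched */
}

/* Hardened caller. The buggy version declared `char *matched;` with no
 * initialiser, so on the miss path free() received whatever stack garbage
 * happened to be there. Initialising to NULL makes free() a defined no-op
 * (free(NULL) does nothing per the C standard). Returns 1 if found,
 * 0 otherwise; writes the matched parent (or "") into out for inspection. */
int search_entry(const char *dn, char *out, size_t outlen)
{
    char *matched = NULL;   /* the fix: never pass an indeterminate pointer on */
    int found = lookup_entry(dn, &matched);

    snprintf(out, outlen, "%s", matched ? matched : "");
    free(matched);          /* safe whether or not lookup_entry assigned it */
    return found;
}

int main(void)
{
    char buf[64];
    const char *probes[] = {
        "cn=alice,dc=example,dc=com",   /* exact hit */
        "cn=bob,dc=example,dc=com",     /* parent matches only */
        "cn=bob,dc=other,dc=org",       /* nothing matches */
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int found = search_entry(probes[i], buf, sizeof buf);
        printf("%-30s found=%d matched=\"%s\"\n", probes[i], found, buf);
    }
    return 0;
}
```

The same defensive rule applies to any out-parameter whose callee does not promise to set it on every path: initialise it at the point of declaration, not at the first call site, because a later edit may add an early return before that call.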