[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: complex searches with filters: more memory leaks and an id list issue

I don't believe any of the changes are appropriate.

At 03:39 AM 2001-10-05, Thomas Koch wrote:

>as reported some time ago, our use of slapd involves all sorts of
>search queries. We are now moving to 2.0.15 and believe that some
>problems that we identified in 2.0.11 during the last weeks still
>Included is a patch of the changes that we had applied to 2.0.11 recently
>(with the intention to report them soon) and which we believe 
>should go into 2.0.15.
>* memory leaks: there are some locations in filterindex.c which
>  do not free a tmp object under certain error conditions.
>* null pointer: in filter.c, we have observed crashes when 
>  an attempt was made to free f->f_sub, with f_sub being NULL.
>* id list scan: in idl.c. This seems the most tricky issue. Our
>  "fix" might be totally inconsistent, since it is time consuming
>  to figure out all the details of the id list handling.
>  Here is what we have observed: when matching id lists,
>  it could happen that the same id occurs twice in the result.
>  This could cause the resulting id list to grow beyond its
>  allocated size, which then may result in a memory overrun.
>  Our change enforces a more defensive behaviour, and also
>  avoids inserting duplicates in the result id list.
>  (In our test code there is an additional check against
>   buffer overrun, which should probably not be used in production.)
>  Whether this completely resolves the problem, I don't know,
>  but we have not seen any of the problems after this change.
>I would appreciate any feedback, because we don't want to
>mess up the original code.