
RE: slapd crasher in HEAD (ITS#2864)



Could this be the problem? Not sure if I understand sl_mark()
correctly, but:

slap_send_search_reference() calls access_allowed() which caches
ACL group membership information, using memory allocated from 
op->o_tmpmemctx - this is then freed by sl_release().

Note that the crasher occurs in slap_op_free() when trying to free
the cached ACL group membership information.

The following things fix the crasher:

	- removing the call to access_allowed() from
	  slap_send_search_reference()
	- setting op->o_do_not_cache before calling
	  access_allowed()
	- moving sl_mark() after the call to access_allowed()

Perhaps another option would be for sl_release() to zero
memory, but it would be better to fix the real problem. It
looks like this may potentially manifest in other functions in
result.c

-- Luke
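
The lifetime problem described in the message above, modelled as an added example that is not part of the original message and is not OpenLDAP code. It assumes a stack-style allocator where release hands back everything allocated after the mark; arena_t, op_t, check_access() and the other names are hypothetical stand-ins for the slapd functions named in the message.

```c
#include <stddef.h>
#include <stdio.h>
/* Toy stack allocator; hypothetical names, not OpenLDAP's sl_* code. */
typedef struct { unsigned char buf[256]; size_t top; } arena_t;

static void *arena_alloc(arena_t *a, size_t n) {
    if (n > sizeof a->buf - a->top) return NULL;
    void *p = a->buf + a->top;
    a->top += n;
    return p;
}
static size_t arena_mark(const arena_t *a) { return a->top; }
/* Everything allocated after the mark is handed back. */
static void arena_release(arena_t *a, size_t mark) { a->top = mark; }

/* The operation owns the arena and a cache that outlives one response. */
typedef struct { arena_t mem; void *group_cache; int do_not_cache; } op_t;

/* Stand-in for the access check: caches a result in operation memory. */
static void check_access(op_t *op) {
    if (!op->do_not_cache && op->group_cache == NULL)
        op->group_cache = arena_alloc(&op->mem, 32);
}
/* Returns 1 if the cache points at memory the arena has taken back. */
static int cache_is_dangling(const op_t *op) {
    if (op->group_cache == NULL) return 0;
    size_t off = (size_t)((const unsigned char *)op->group_cache - op->mem.buf);
    return off >= op->mem.top;
}
/* mark_first=1: mark, access check, release (the ordering in the report).
 * mark_first=0: access check, then mark (the third fix listed). */
static int send_reference(op_t *op, int mark_first, int do_not_cache) {
    size_t mark = 0;
    op->do_not_cache = do_not_cache;
    if (mark_first) mark = arena_mark(&op->mem);
    check_access(op);
    if (!mark_first) mark = arena_mark(&op->mem);
    (void)arena_alloc(&op->mem, 64);      /* per-response scratch */
    arena_release(&op->mem, mark);
    return cache_is_dangling(op);
}

int main(void) {
    op_t a = {0}, b = {0}, c = {0};
    printf("mark first:   dangling=%d\n", send_reference(&a, 1, 0));
    printf("mark after:   dangling=%d\n", send_reference(&b, 0, 0));
    printf("do_not_cache: dangling=%d\n", send_reference(&c, 1, 1));
    return 0;
}
```

In the first case the cache pointer still exists at operation teardown but refers to released memory, which is the state in which a later free of the cached data would fault.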