
Re: (ITS#3612) Segfault in libraries/libldap/result.c



> Checking out the code, I see that if l->lm_chain is not null, the
> code checks structs of l->lm_chain_tail without first verifying
> that lm_chain_tail is not null as well:
>
> 	if (l->lm_chain == NULL) {
> 		if ((l->lm_msgtype == LDAP_RES_SEARCH_ENTRY) ||
> 			(l->lm_msgtype == LDAP_RES_SEARCH_REFERENCE) ||
> 			(l->lm_msgtype == LDAP_RES_INTERMEDIATE)) {
> 			/* do not advance lm_chain_tail in this case */
> 			l->lm_chain = new;
> 		} else {
> 			/*FIXME: ldap_msgfree( l );*/
> 			l = new;
> 			l->lm_chain_tail = new;
> 		}
> 	} else {
> =>		if ((l->lm_chain_tail->lm_chain->lm_msgtype
> 				== LDAP_RES_SEARCH_ENTRY) ||
> 			(l->lm_chain_tail->lm_chain->lm_msgtype
> 				== LDAP_RES_SEARCH_REFERENCE) ||
> 			(l->lm_chain_tail->lm_chain->lm_msgtype
> 				== LDAP_RES_INTERMEDIATE)) {
> 			l->lm_chain_tail->lm_chain->lm_chain = new;
> 			l->lm_chain_tail = l->lm_chain_tail->lm_chain;
> 		} else {
> 			/*FIXME: ldap_msgfree( l->lm_chain_tail->lm_chain );*/
> 			l->lm_chain_tail->lm_chain = new;
> 		}
> 	}
>
> The struct l looks like this:
>
> 3: *l = {lm_msgid = 2, lm_msgtype = 100, lm_ber = 0x8070920, lm_chain =
> 0x8071630,
>          lm_chain_tail = 0x0, lm_next = 0x0, lm_time = 0}
>
> Code needs to be added to check for the possibility of a null
> lm_chain_tail.
>

Your report appears to indicate a bug but, without having looked in detail
at the code yet, I infer that if the chain is not null, neither should its
tail be.  I suspect the problem is earlier on.

In any case, thanks for the report.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
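
Added example, not part of the original message and not OpenLDAP code: a simplified model of the chain-append branches quoted above, with the invariant the reply infers (a non-null chain implies a usable tail) checked before any dereference. The struct `msg`, the `M_*` type codes other than 100, and the function names are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the message struct in the report (not LDAPMessage). */
struct msg {
    int msgtype;
    struct msg *chain;       /* next message in this response chain */
    struct msg *chain_tail;  /* on the head: node whose ->chain is the last message */
};

/* Model type codes: 100 matches lm_msgtype in the dump; the others are constructed. */
enum { M_ENTRY = 100, M_REFERENCE = 101, M_INTERMEDIATE = 102, M_RESULT = 103 };

static int is_partial(int t) {
    return t == M_ENTRY || t == M_REFERENCE || t == M_INTERMEDIATE;
}

/* Invariant the else-branch relies on: a non-empty chain has a usable tail. */
int chain_invariant_ok(const struct msg *l) {
    if (l->chain == NULL)
        return 1;
    return l->chain_tail != NULL && l->chain_tail->chain != NULL;
}

/* Append new_msg following the quoted branch structure.
 * Returns the (possibly replaced) head, or NULL if the invariant is broken. */
struct msg *chain_append(struct msg *l, struct msg *new_msg) {
    if (!chain_invariant_ok(l))
        return NULL;                      /* report instead of dereferencing NULL */
    if (l->chain == NULL) {
        if (is_partial(l->msgtype)) {
            l->chain = new_msg;           /* tail is not advanced here */
        } else {
            l = new_msg;
            l->chain_tail = new_msg;
        }
    } else if (is_partial(l->chain_tail->chain->msgtype)) {
        l->chain_tail->chain->chain = new_msg;
        l->chain_tail = l->chain_tail->chain;
    } else {
        l->chain_tail->chain = new_msg;
    }
    return l;
}

int main(void) {
    struct msg next = { M_ENTRY, NULL, NULL }, extra = { M_RESULT, NULL, NULL };
    struct msg head = { M_ENTRY, &next, NULL };  /* constructed: state from the dump */
    puts(chain_append(&head, &extra) ? "appended" : "invariant broken before append");
    return 0;
}
```

A failed check here only localizes the symptom; finding where the tail was left unset is still the work the reply points to.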