
Re: (ITS#5121) IDL cache issue



ando@sys-net.it wrote:
> To reproduce:
> 
> - set idlcache
> 
> - search one entry, so that the idl gets cached
> 
> - delete that entry, so that the idl gets cleared - but head/tail don't
> 
> - search another entry so that it gets cached - head/tail are corrupted
> 
> I've a fix for this about to come (affects 2.4.5 as well, sigh; not sure
> about re23).

Coverity shows this patch has introduced a NULL pointer dereference.
@@ -364,6 +381,9 @@
                 ee = bdb->bi_idl_lru_tail;
                 for ( i = 0; i < 10; i++, ee = eprev ) {
                         eprev = ee->idl_lru_prev;
+                       if ( eprev == ee ) {
+                               eprev = NULL;
+                       }
                         if ( ee->idl_flags & CACHE_ENTRY_REFERENCED ) {
                                 ee->idl_flags ^= CACHE_ENTRY_REFERENCED;
                                 continue;
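Review bot: the new guard `if ( eprev == ee ) { eprev = NULL; }` can leave `ee` NULL on the next pass, but the loop header `for ( i = 0; i < 10; i++, ee = eprev )` still tests only `i < 10`, so the next `eprev = ee->idl_lru_prev;` dereferences NULL whenever the tail entry links to itself and the body reaches `continue` (or otherwise runs on to the next iteration). Either add `ee != NULL` to the loop condition or `break` once the self-linked entry has been handled, and put a comment on the guard saying that `eprev == ee` means a single-entry list, since the hunk does not say what it is protecting against.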

What's the purpose of this change, and should you be testing for a NULL now in 
the for loop conditions?
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
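The walk in the quoted hunk, modelled as an added example that is not OpenLDAP's back-bdb code: it keeps the field and flag names from the hunk but assumes the LRU list is a circular doubly linked ring (so a one-entry list points at itself, the case the new guard turns into NULL), assumes that the eviction following the `continue` takes the first entry found without CACHE_ENTRY_REFERENCED, and makes the hard-coded 10 a parameter. The helpers lru_victim, build_ring and victim_id are names chosen here, not functions in the project. The point it shows is the loop condition Howard asks about: with `ee != NULL` added, the single-entry case ends the walk instead of dereferencing the NULL the guard just produced.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the LRU eviction walk in the quoted hunk.  Added
 * example, not OpenLDAP code: the names mirror the hunk; the ring layout and
 * the "first unreferenced entry is the victim" rule are assumptions. */
#define CACHE_ENTRY_REFERENCED 0x01

struct idl_entry {
    struct idl_entry *idl_lru_prev;
    struct idl_entry *idl_lru_next;
    int idl_flags;
    int id;
};

/* Walk from the tail toward the head, giving REFERENCED entries a second
 * chance.  As in the hunk, a self-linked entry (single-entry list) turns
 * eprev into NULL; the `ee != NULL` in the loop condition is what keeps the
 * next iteration from dereferencing it.  Returns the first entry found
 * without REFERENCED, or NULL if none is found within max_steps. */
struct idl_entry *lru_victim(struct idl_entry *tail, int max_steps)
{
    struct idl_entry *ee, *eprev;
    int i;

    ee = tail;
    for (i = 0; i < max_steps && ee != NULL; i++, ee = eprev) {
        eprev = ee->idl_lru_prev;
        if (eprev == ee) {
            eprev = NULL;   /* single-entry list: nothing before ee */
        }
        if (ee->idl_flags & CACHE_ENTRY_REFERENCED) {
            ee->idl_flags ^= CACHE_ENTRY_REFERENCED;  /* second chance */
            continue;       /* next iteration: ee = eprev, possibly NULL */
        }
        return ee;
    }
    return NULL;
}

/* Link ring[0..n-1] into a circular doubly linked list (assumed layout: a
 * one-entry list points at itself, the case the hunk guards against).
 * Returns the tail, ring[n-1]. */
struct idl_entry *build_ring(struct idl_entry *ring, int n)
{
    int i;
    for (i = 0; i < n; i++) {
        ring[i].id = i;
        ring[i].idl_flags = 0;
        ring[i].idl_lru_next = &ring[(i + 1) % n];
        ring[i].idl_lru_prev = &ring[(i + n - 1) % n];
    }
    return &ring[n - 1];
}

/* Scenario driver: build an n-entry ring, set REFERENCED on every entry whose
 * bit is set in referenced_mask, run the walk with max_steps, and return the
 * victim's id, or -1 when the walk ends without a victim. */
int victim_id(int n, unsigned referenced_mask, int max_steps)
{
    struct idl_entry ring[8];
    struct idl_entry *tail, *victim;
    int i;

    assert(n >= 1 && n <= 8);
    tail = build_ring(ring, n);
    for (i = 0; i < n; i++) {
        if (referenced_mask & (1u << i)) {
            ring[i].idl_flags |= CACHE_ENTRY_REFERENCED;
        }
    }
    victim = lru_victim(tail, max_steps);
    return victim ? victim->id : -1;
}

int main(void)
{
    /* single referenced entry: flag cleared, eprev becomes NULL, walk ends
     * without touching NULL (a loop testing only i < 10 would crash here) */
    printf("single, referenced   -> %d\n", victim_id(1, 0x1, 10));  /* -1 */
    printf("single, unreferenced -> %d\n", victim_id(1, 0x0, 10));  /*  0 */
    /* three entries all referenced: one lap clears them, then tail is taken */
    printf("ring of 3, all ref   -> %d\n", victim_id(3, 0x7, 10));  /*  2 */
    printf("ring of 3, 3 steps   -> %d\n", victim_id(3, 0x7, 3));   /* -1 */
    /* only the tail is referenced: skipped once, its predecessor is taken */
    printf("ring of 3, tail ref  -> %d\n", victim_id(3, 0x4, 10));  /*  1 */
    return 0;
}
```

The first scenario is the one Coverity flags: after the guard sets eprev to NULL and the body hits `continue`, the loop header assigns `ee = eprev`, so without the `ee != NULL` test the next `ee->idl_lru_prev` is a NULL dereference. The three-entry scenarios show that the guard is inert on a longer ring and that the step limit, not the ring length, bounds the walk.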