[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5323) dyngroup.c:dgroup_cf() bug

Full_Name: Hallvard B Furuseth
Version: HEAD, RE24
Submission from: (NULL) (
Submitted by: hallvard

overlays/dyngroup.c:dgroup_cf() has some strange LDAP_MOD_DELETE code:

    app = (adpair **)&on->on_bi.bi_private;
    for (...; ...; ..., app = &ap->ap_next) {
        ap = *app;
    *app = ap->ap_next;

Last statement is a no-op, since *app == *(&ap->ap_next) == ap->ap_next.
I'm not sure what it's intended to do.

Also the first statement makes the void* object bi_private be accessed
as an adpair* object.  Breaks the 'strict aliasing' rules, so I guess it
can miscompile.  To avoid that, start the code with something like
     ap = on->on_bi.bi_private;
     app = ≈