[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5340) REP_ENTRY_MODIFIABLE bug in dynlist

Full_Name: Hallvard B Furuseth
Submission from: (NULL) (
Submitted by: hallvard

overlays/dynlist.c lines 371-376 sets REP_ENTRY_MUSTBEFREED in rs->sr_flags
without duplicating the entry, if REP_ENTRY_MODIFIABLE was set.
Thus the entry gets freed twice.  Breaks test044-dynlist with back-ldif.

This code snippet fixes it for test044, but it may be the wrong fix:
	e = rs->sr_entry;
	e_flags = rs->sr_flags;
	if ( !( e_flags & REP_ENTRY_MODIFIABLE ) ) {
		e = entry_dup( e );
		if ( e_flags & REP_ENTRY_MUSTBEFREED )
			entry_free( rs->sr_entry );

First, can something have references into the old sr_entry at this point?

Second, there is also a REP_ENTRY_MUSTRELEASE flag which means to call
be_entry_release_rw(), maybe that must be handled.  Also overlays collect,
pcache & valsort ignore REP_ENTRY_MUSTRELEASE.

A common function to handle this might be useful - pass it a SlapResponse,
BackendDB and flags to set and flags to unset, and let it free, release
or dup what is needed.