[Date Prev][Date Next] [Chronological] [Thread] [Top]

commit "ITS#8226 limit size of read txns in searches" has a bug

To: "OpenLDAP-devel@openldap.org >> OpenLDAP Devel" <openldap-devel@openldap.org>, Howard Chu <hyc@openldap.org>
Subject: commit "ITS#8226 limit size of read txns in searches" has a bug
From: Леонид Юрьев <leo@yuriev.ru>
Date: Mon, 31 Aug 2015 14:12:16 +0300

Hi, Howard.

wwctx.txn may be uninitialized, see lines 712-720 of back-mdb/search.c
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/slapd/back-mdb/search.c;h=502312add20f305cb62083a88610aaaf2a2d652c;hb=21bf33b0e8e044d6722a9c3ef4a3961d71465d77#l713

And therefore mdb_rtxn_snap() may segfault when will called from line 1127.
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/slapd/back-mdb/search.c;h=502312add20f305cb62083a88610aaaf2a2d652c;hb=21bf33b0e8e044d6722a9c3ef4a3961d71465d77#l1127

I think, one of the following should be:
- wwctx should be initialize completely at 712;
or
- an additional condition should be checked at 1123-1125.

Regards,
Leonid.

Follow-Ups:
- Re: commit "ITS#8226 limit size of read txns in searches" has a bug
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Dynamic groups, autogroup
Next by Date: Re: commit "ITS#8226 limit size of read txns in searches" has a bug
Index(es):
- Chronological
- Thread