[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SEGFAULT with NULL backend suffix definition (ITS#23)

To: openldap-its@openldap.org
Subject: Re: SEGFAULT with NULL backend suffix definition (ITS#23)
From: Kurt@openldap.org
Date: Mon, 28 Dec 1998 15:45:11 GMT

Alex Iliynsky wrote:
> 
> >Dammit! I've found a bug :)
> >
> >back-ldbm/search.c - call to subtree_candidate with UNINITIALIZED char *
> >matched.
> >On exit, where nothing was found, matched still NOT NULL and on following
> >call free(matched), arbitraty data (in my case, it was Op structure -
> >garbage was left on stack by previous call ) will freed. Any next calloc
> >will owerwrite op structure and cause unpredictable results.
> >
> >So - just init matched on declare time
> >
> >char    *    matched = NULL;
> 
> I drop another look to code, and think, that best place to init matched -
> subtree_candidates before dn2entry_r(). But it can depends..

I've just initialized matched where declared in ldbm_back_search() to NULL as
dn2entry_r() may never be reached.   See search.c rev 1.18.

Kurt

Prev by Date: Re: SEGFAULT with NULL backend suffix definition (ITS#23)
Next by Date: Re: SEGFAULT with NULL backend suffix definition (ITS#23)
Index(es):
- Chronological
- Thread