
Re: SEGFAULT with NULL backend suffix definition (ITS#23)



Confirmed, this fixes my segfaulting as well.

line 52: changed to
	char		*matched = NULL;
in back-ldbm/search.c

Well done and many thanks to all, 

happy new year (1.1.2????)

regards

alan

starder@rosinter.ru wrote:
> 
> Dammit! I've found a bug :)
> 
> back-ldbm/search.c - call to subtree_candidate with UNINITIALIZED char *
> matched.
> On exit, where nothing was found, matched is still NOT NULL and on the following
> call free(matched), arbitrary data (in my case, it was the Op structure -
> garbage was left on the stack by a previous call) will be freed. Any next calloc
> will overwrite the op structure and cause unpredictable results.
> 
> So - just init matched on declare time
> 
> char    *    matched = NULL;
> 
> I've tested my configuration with this patch. All ok. I don't know why this
> error did not occur in 1.0 and 1.1.1 :) Maybe the moon was in the proper stage
> while you wrote 1.1 :)
> 
> P.S. as I noticed, all calls to functions that have a matched-like pointer in
> their args are preceded by setting matched to NULL.
> -----Original Message-----
> From: Kurt D. Zeilenga <Kurt@OpenLDAP.Org>
> To: starder@rosinter.ru <starder@rosinter.ru>
> Cc: openldap-its@OpenLDAP.Org <openldap-its@OpenLDAP.Org>
> Date: 28 December 1998 2:58
> Subject: Re: SEGFAULT with NULL backend suffix definition (ITS#23)
> 
> >At 10:03 PM 12/27/98 GMT, starder@rosinter.ru wrote:
> >>BTW 1.0 and 1.1, as I wrote, are working fine with the same config and the
> >>same database.
> >
> >It is interesting that you do not see this with OpenLDAP 1.1.0.
> >I ask you double check your prior tests and make sure the slapd.conf
> >and initial LDIF data is the same.  You might also see if you can
> >duplicate it --without-threads.
> >
> >The only difference I can find between 1.1.0 and 1.1.1 that impacts
> >searches is the realBase handling in ldbm_back_search().   In 1.1.0,
> >there was an extraneous free() and realbase was being leaked.  The
> >extraneous free() was removed and many of the realbase leaks plugged.
> >It might be interesting to see if this change (applied to 1.1.0 and/or
> >backed out of 1.1.1) has any impact upon the results.
> >
> http://www.OpenLDAP.org/devel/cvsweb.cgi/servers/slapd/back-ldbm/search.c.diff?r1=1.7.2.6&r2=1.7.2.7
> >
> >Kurt
> >
> >

-- 
------------------// Alan's Signature //--------------------
If the answer's not at http://www.hk.super.net/~alan_k , then 
let me know, CAUSE IT'S SUPPOSED TO BE!
-----------// Alan's Linux Information Center //-------------
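The uninitialised-pointer defect this thread fixes, as an added C example that is not OpenLDAP's own code: `find_base()` is a constructed stand-in for the `subtree_candidates()` contract starder describes (the callee stores a malloc'ed matched DN only on a partial match and never touches the out-parameter on a hit or a complete miss), and `search_base()` is the corrected caller whose `char *matched = NULL;` makes the unconditional `free(matched)` safe on every path. The tiny directory tree `dit`, `dn_exists()`, `find_base()` and `search_base()` are all hypothetical names for this illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a tiny directory tree (not the slapd ldbm backend). */
static const char *dit[] = {
    "dc=example,dc=com",
    "ou=people,dc=example,dc=com",
    "cn=alice,ou=people,dc=example,dc=com",
};

static int dn_exists(const char *dn) {
    for (size_t i = 0; i < sizeof dit / sizeof dit[0]; i++)
        if (strcmp(dit[i], dn) == 0)
            return 1;
    return 0;
}

/* Same out-parameter contract the report describes for subtree_candidates():
 * returns 1 if dn exists and leaves *matched untouched; returns 0 otherwise
 * and, only when some ancestor of dn exists, stores a malloc'ed copy of that
 * ancestor in *matched. The "found" and "no ancestor" paths never write it. */
static int find_base(const char *dn, char **matched) {
    if (dn_exists(dn))
        return 1;
    for (const char *p = strchr(dn, ','); p != NULL; p = strchr(p, ',')) {
        p++;                          /* skip the comma: parent DN starts here */
        if (dn_exists(p)) {
            *matched = strdup(p);
            return 0;
        }
    }
    return 0;
}

/* Corrected caller. Because matched starts as NULL, free(matched) is a no-op on
 * every path where find_base() did not allocate; without the initialiser those
 * paths would free whatever stack garbage happened to sit in the slot. */
char *search_base(const char *dn) {
    char *matched = NULL;             /* the one-line fix from the thread */
    char *report;

    if (find_base(dn, &matched)) {
        report = strdup("found");
    } else if (matched != NULL) {
        size_t n = strlen("no such object, matched: ") + strlen(matched) + 1;
        report = malloc(n);
        snprintf(report, n, "no such object, matched: %s", matched);
    } else {
        report = strdup("no such object");
    }
    free(matched);                    /* safe on all three paths */
    return report;
}
```

The returned report string is malloc'ed and owned by the caller.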