[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
syncrepl crasher (ITS#3297)
Full_Name: Luke Howard
Version: 2.2.15
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.13.32.92)
syncrepl can crash due a double free.
==12526== Thread 6:
==12526== Invalid free() / delete / delete[]
==12526== at 0x1B905391: free (vg_replace_malloc.c:153)
==12526== by 0x1B9474EF: ber_memfree_x (memory.c:153)
==12526== by 0x808160C: ch_free (ch_malloc.c:159)
==12526== by 0x8072406: entry_free (entry.c:426)
==12526== by 0x80AEB1D: do_syncrep2 (syncrepl.c:548)
==12526== by 0x80AF868: do_syncrepl (syncrepl.c:861)
==12526== by 0x1B913303: ldap_int_thread_pool_wrapper (tpool.c:467)
==12526== by 0x1BB7597B: thread_wrapper (vg_libpthread.c:867)
==12526== by 0xB000F7E1: do__quit (vg_scheduler.c:1861)
==12526== Address 0x1C2DB3F8 is 0 bytes inside a block of size 40 free'd
==12526== at 0x1B905391: free (vg_replace_malloc.c:153)
==12526== by 0x1B9474EF: ber_memfree_x (memory.c:153)
==12526== by 0x808160C: ch_free (ch_malloc.c:159)
==12526== by 0x8072406: entry_free (entry.c:426)
==12526== by 0x80AFFF9: syncrepl_message_to_entry (syncrepl.c:1060)
==12526== by 0x80AEA5F: do_syncrep2 (syncrepl.c:534)
==12526== by 0x80AF868: do_syncrepl (syncrepl.c:861)
==12526== by 0x1B913303: ldap_int_thread_pool_wrapper (tpool.c:467)
==12526== by 0x1BB7597B: thread_wrapper (vg_libpthread.c:867)
==12526== by 0xB000F7E1: do__quit (vg_scheduler.c:1861)
Patch, which I will commit, follows:
Index: syncrepl.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/syncrepl.c,v
retrieving revision 1.130
diff -u -r1.130 syncrepl.c
--- syncrepl.c 20 Aug 2004 14:26:58 -0000 1.130
+++ syncrepl.c 23 Aug 2004 23:18:52 -0000
@@ -1088,7 +1088,7 @@
ber_free ( ber, 0 );
if ( rc != LDAP_SUCCESS ) {
entry_free( e );
- e = NULL;
+ *entry = e = NULL;
}
return rc;