
Re: openldap-2.0.7/servers/slapd/back-ldbm/init.c



Luiz Ernesto Pinheiro Malere wrote:

> int
> ldbm_back_db_destroy(
>     BackendDB   *be
> )
> {
>         /* should free/destroy every in be_private */
>         struct ldbminfo *li = (struct ldbminfo *) be->be_private;
>
>         // Modified by Fernando Lemos 27/03/2001
>         // li value was always 0x00000000 resulting on an exception
>         // that the reason for this if() { }.
>         if (li == NULL) {

I wonder how, if the test succeeds, i.e. the pointer is NULL,
the members of the structure it points to can be dereferenced
in the following lines ... this is logically broken.

>
>                 free( li->li_directory );
>                 attr_index_destroy( li->li_attrs );
>
>                 ldap_pvt_thread_mutex_destroy( &li->li_root_mutex );
>                 ldap_pvt_thread_mutex_destroy( &li->li_add_mutex );
>                 ldap_pvt_thread_mutex_destroy( &li->li_cache.c_mutex );
>                 ldap_pvt_thread_mutex_destroy( &li->li_nextid_mutex );
>                 ldap_pvt_thread_mutex_destroy( &li->li_dbcache_mutex );
>                 ldap_pvt_thread_cond_destroy( &li->li_dbcache_cv );
>
>                 free( be->be_private );
>                 be->be_private = NULL;
>         }
>
>         return 0;
> }

If you get such a message, then the pointer gets corrupted
BEFORE reaching this function. In such a case, a better
workaround would be to skip any resource freeing while
the reason of the corruption is detected...

Regards, Pierangelo.

--
Dr. Pierangelo Masarati    mailto:ando@sys-net.it
Developer, SysNet s.n.c.   http://www.sys-net.it
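
An added example, not part of the original message and not OpenLDAP code: a destroy routine in the shape discussed above that tears down only when the private pointer is non-NULL, and otherwise skips all freeing and reports it. The demo_* names and the reduced struct are hypothetical stand-ins for BackendDB and struct ldbminfo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the slapd types quoted above (assumption). */
struct demo_info { char *directory; };
struct demo_backend { void *be_private; };

/* Returns 0 when private state was freed, 1 when be_private was already
 * NULL and teardown was skipped, -1 when be itself is NULL. */
int demo_db_destroy(struct demo_backend *be)
{
    struct demo_info *li;

    if (be == NULL)
        return -1;
    li = (struct demo_info *) be->be_private;
    if (li == NULL) {
        /* Nothing can be dereferenced here: skip every free and leave a
         * trace so the code that cleared or never set it can be found. */
        fprintf(stderr, "demo_db_destroy: be_private is NULL, skipping\n");
        return 1;
    }
    free(li->directory);
    free(li);
    be->be_private = NULL;   /* a repeated call now takes the skip path */
    return 0;
}

/* Allocates private state holding a copy of dir; 0 on success, -1 on OOM. */
int demo_db_init(struct demo_backend *be, const char *dir)
{
    struct demo_info *li = calloc(1, sizeof(*li));
    if (li == NULL) return -1;
    li->directory = malloc(strlen(dir) + 1);
    if (li->directory == NULL) { free(li); return -1; }
    strcpy(li->directory, dir);
    be->be_private = li;
    return 0;
}

int main(void)
{
    struct demo_backend be = { NULL };
    printf("never initialised: %d\n", demo_db_destroy(&be));
    if (demo_db_init(&be, "/tmp/constructed-db") != 0) return 1;
    printf("first destroy:     %d\n", demo_db_destroy(&be));
    printf("second destroy:    %d\n", demo_db_destroy(&be));
    return 0;
}
```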