From lorenz@cloudflare.com Tue Jun 28 11:06:56 2016
From: lorenz@cloudflare.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#8452) LMDB: mdb_env_copyfd2 can deadlock due to missing mdb_env_cthr_toggle check
Date: Tue, 28 Jun 2016 11:06:54 +0000

I had a look at your changes; it seems like they obsolete my other bug report as well.

At the same time, I think you are introducing a double free? In copyfd1, if memalign (and friends) fails you goto done, which then proceeds to free(). Same for the case where CreateMutex or CreateFree return an error, since they happen before allocation, but also goto done.

--
Lorenz

On 28 June 2016 at 11:09, Hallvard Breien Furuseth wrote:
> Looks like a dup of ITS#8209. I've pushed a fix to
> mdb.master. Hadn't gotten around to testing it properly.
>
> --
> Hallvard
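The error-path shape Lorenz describes, a single cleanup label reached from failures that happen before the buffer exists, as an added C illustration beside the hardened shape (this is not LMDB's code; the tracking allocator, fault-injection flags and function names are constructed for the example):

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed allocator that records live blocks so a stray free() can be
 * counted instead of invoking undefined behaviour. Not LMDB's code. */
#define MAX_LIVE 8
static void *live[MAX_LIVE];
static int nlive, bad_frees;

static void *track_alloc(size_t n) {
    void *p = nlive < MAX_LIVE ? malloc(n) : NULL;
    if (p) live[nlive++] = p;
    return p;
}
static void track_free(void *p) {
    if (!p) return;                          /* free(NULL) is always a no-op */
    for (int i = 0; i < nlive; i++)
        if (live[i] == p) { live[i] = live[--nlive]; free(p); return; }
    bad_frees++;                             /* not live: double or stray free */
}

enum { FAIL_NONE, FAIL_MUTEX, FAIL_ALLOC };  /* fault-injection points */
static int garbage;                           /* stands in for stack junk */

/* Hazardous shape: a failure before the allocation jumps to the one cleanup
 * label, which frees whatever the pointer happened to hold. */
static int copy_unsafe(int fail) {
    void *wbuf = &garbage;  /* would be uninitialised in a real function */
    int rc = 0;
    if (fail == FAIL_MUTEX) { rc = EAGAIN; goto done; }   /* mutex init failed */
    wbuf = fail == FAIL_ALLOC ? NULL : track_alloc(4096);
    if (!wbuf) { rc = ENOMEM; goto done; }
    /* ... copy work would happen here ... */
done:
    track_free(wbuf);
    return rc;
}

/* Hardened shape: the pointer starts NULL, and a failure that precedes a
 * resource jumps past that resource's release. */
static int copy_safe(int fail) {
    void *wbuf = NULL;
    int rc = 0;
    if (fail == FAIL_MUTEX) { rc = EAGAIN; goto done2; }  /* nothing to undo yet */
    wbuf = fail == FAIL_ALLOC ? NULL : track_alloc(4096);
    if (!wbuf) { rc = ENOMEM; goto done; }
done:
    track_free(wbuf);       /* no-op when the allocation never happened */
done2:
    return rc;
}
```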