https://bugs.openldap.org/show_bug.cgi?id=9415
Issue ID: 9415
Summary: Possible use of memory after free
Product: LMDB
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: liblmdb
Assignee: bugs@openldap.org
Reporter: cwe@skov.dk
Target Milestone: ---
In my code I have a construct like this:
    err = mdb_txn_commit(txn);
    if (err) {
        mdb_txn_abort(txn);
    }
I run CodeSonar on my code and include the lmdb source in the run. CodeSonar reports a possible double free for the case where mdb_midl_append_list in mdb.c line 3586 returns ENOMEM. The code following line 3586 will free the txn and return ENOMEM. This will cause my code to call mdb_txn_abort, which will access the freed memory and call free again.
Please ask if more details are needed.
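A caller-side guard for the commit-then-abort construct reported above, as an added example that is not part of the original report and is not LMDB code. It uses a stand-in model with hypothetical model_* names, and assumes that the model's commit releases the handle even when it returns ENOMEM and that the model's abort ignores NULL.

```c
/* Added example: a stand-in model, NOT LMDB code. All model_* names are hypothetical. */
#include <errno.h>
#include <stdlib.h>

typedef struct model_txn { int id; } model_txn;

static int model_frees;                 /* handles released so far */

static model_txn *model_txn_begin(void) {
    return calloc(1, sizeof(model_txn));
}

/* Releases the handle. Assumption of this model: NULL is ignored. */
static void model_txn_abort(model_txn *t) {
    if (t == NULL) return;
    free(t);
    model_frees++;
}

/* Models the reported path: the handle is released on success and on
 * failure (here a simulated ENOMEM), so it is dead once this returns. */
static int model_txn_commit(model_txn *t, int simulate_enomem) {
    model_txn_abort(t);
    return simulate_enomem ? ENOMEM : 0;
}

/* Caller-side guard: take the handle out of the caller's variable before
 * committing, so no stale pointer survives whichever way commit returns. */
static int commit_and_clear(model_txn **pt, int simulate_enomem) {
    model_txn *t = *pt;
    *pt = NULL;
    return model_txn_commit(t, simulate_enomem);
}

/* Runs the report's commit-then-abort construct through the guard and
 * returns how many times the handle was released (-1 if begin failed). */
int frees_for_commit_then_abort(int simulate_enomem) {
    model_frees = 0;
    model_txn *txn = model_txn_begin();
    if (txn == NULL) return -1;
    int err = commit_and_clear(&txn, simulate_enomem);
    if (err)
        model_txn_abort(txn);           /* txn is NULL: no second free */
    return model_frees;
}

int main(void) {
    return frees_for_commit_then_abort(1) == 1 ? 0 : 1;
}
```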