jsoula@univ-lille2.fr wrote:
Full_Name: julien soula Version: 2.4.39 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.254.117.28)
Hi,
this is related to ITS#6508. I don't think that the supplied patch is enough to fix the bug.
When the last "member" entry is dangling then "( j - i == 1 )" is true and the loop is broken without reducing a_numvals.
Looks like you're right. Committed to master, thanks.
So I propose this patch :
--- servers/slapd/overlays/memberof.c.orig 2014-07-09 21:17:14.487296363 +0200 +++ servers/slapd/overlays/memberof.c 2014-07-09 21:31:44.071565223 +0200 @@ -596,6 +596,7 @@ ber_memfree( a->a_nvals[ i ].bv_val ); BER_BVZERO( &a->a_nvals[ i ] ); }
a->a_numvals--; if ( j - i == 1 ) { break; }@@ -607,7 +608,6 @@ sizeof( struct berval )
- ( j - i ) ); } i--;
a->a_numvals--; } }Best regards, Julien