martin.konold@erfrakon.de wrote:
On Tuesday, 10 March 2009 06:53:34 you wrote:
Please provide steps to reproduce the segfault, thanks.
Hi Howard,
I tried to reproduce the problem on either OpenSUSE 11.1 or Fedora but I could not reproduce the crash.
The crash was reproducible with OpenPKG, though I guess the crash depends on the version of bdb being used. The code fetches a transaction from an internal table which might have slightly different semantics with regards to initialization depending on the bdb version.
Anyway, if you look at the rather trivial patch you will see that it indeed solves a problem independent of the bdb version used, so the code does not depend on a side effect anymore.
On one hand, the void pointer *data should not be dangling, and therefore initialization with NULL is correct.
*data will only be referenced if ldap_pvt_thread_pool_getkey() succeeds. If that function succeeds, data will have a value. There is no dangling pointer here.
On the other hand, TXN_ABORT() must not be called with potentially dangling pointers, and therefore a trivial check for the validity of the pointer is a good idea.
Likewise, bdb_reader_free() will only get called as a result of successful pool_setkey() calls. There will be no dangling pointers there either.
Since most of this code has been in place since 2002 and no one else has reported the problem before, it seems to me that OpenPKG is doing something very unusual. And being unable to reproduce the problem ourselves, I'd like to see exactly what they're doing to cause it.
I've committed part of the patch in the meantime, but until we see steps to reproduce the crash, I'm unconvinced that this is any meaningful change.