Full_Name: Rein Tollevik Version: CVS head OS: URL: Submission from: (NULL) (81.93.160.250)

We have seen occasional seg. faults in syncprov_qtask() where it was passed a syncops pointer containing garbage in its arg. It looks as this could happen if syncprov_free_syncop is called to free an abandoned operation. I hope the patch at the should fix this, it makes sure to remove the syncops->s_qtask (if any) from the runqueue before freeing the syncops itself.

Rein Tollevik Basefarm AS

Index: OpenLDAP/servers/slapd/overlays/syncprov.c diff -u OpenLDAP/servers/slapd/overlays/syncprov.c:1.16 OpenLDAP/servers/slapd/overlays/syncprov.c:1.17 --- OpenLDAP/servers/slapd/overlays/syncprov.c:1.16 Fri Apr 18 10:56:41 2008 +++ OpenLDAP/servers/slapd/overlays/syncprov.c Tue Apr 22 16:38:27 2008 @@ -738,6 +738,13 @@ ldap_pvt_thread_mutex_unlock( &so->s_mutex ); return; } + if ( so->s_qtask ) { + ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); + if ( ldap_pvt_runqueue_isrunning( &slapd_rq, so->s_qtask ) ) + ldap_pvt_runqueue_stoptask( &slapd_rq, so->s_qtask ); + ldap_pvt_runqueue_remove( &slapd_rq, so->s_qtask ); + ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); + } ldap_pvt_thread_mutex_unlock( &so->s_mutex ); if ( so->s_flags & PS_IS_DETACHED ) { filter_free( so->s_op->ors_filter );