https://bugs.openldap.org/show_bug.cgi?id=9415
Issue ID: 9415
Summary: Possible use of memory after free
Product: LMDB
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: liblmdb
Assignee: bugs@openldap.org
Reporter: cwe@skov.dk
Target Milestone: ---
In my code I have a construct like this:
    err = mdb_txn_commit(txn);
    if (err) {
        mdb_txn_abort(txn);
    }
I run codesonar on my code and include the lmdb source in the run. Codesonar reports a possible double free for the case where mdb_midl_append_list in mdb.c line 3586 returns ENOMEM. The code following line 3586 will free the txn and return ENOMEM. This will cause my code to call mdb_txn_abort, which will access the freed memory and call free again.
Please ask if more details are needed.
Howard Chu hyc@openldap.org changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Status     |UNCONFIRMED  |RESOLVED
Resolution |---          |INVALID
--- Comment #1 from Howard Chu hyc@openldap.org ---
(In reply to cwe from comment #0)
> In my code I have a construct like this:
>
>     err = mdb_txn_commit(txn);
>     if (err) {
>         mdb_txn_abort(txn);
>     }
>
> I run codesonar on my code and include the lmdb source in the run. Codesonar reports a possible double free for the case where mdb_midl_append_list in mdb.c line 3586 returns ENOMEM. The code following line 3586 will free the txn and return ENOMEM. This will cause my code to call mdb_txn_abort, which will access the freed memory and call free again.
>
> Please ask if more details are needed.

Please re-read the documentation of mdb_txn_commit(). Your code is misusing the API. Closing this ITS.
Quanah Gibson-Mount quanah@openldap.org changed:
What   |Removed   |Added
----------------------------------------------------------------------------
Status |RESOLVED  |VERIFIED
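
The ownership rule behind comment #1, as an added example that is not part of the original thread and is not LMDB code: the documentation of mdb_txn_commit() says the transaction handle is freed by the call, so a caller may abort only a handle it has not yet passed to commit. To run without liblmdb, the block uses a stand-in transaction type; model_txn, the model_* functions, commit_and_clear() and store_value() are hypothetical names that model that contract with an injectable ENOMEM.

```c
#include <errno.h>
#include <stdlib.h>

/* Stand-in for MDB_txn (hypothetical model, not LMDB code). */
typedef struct model_txn { int fail_commit; } model_txn;

static int live_txns;   /* handles currently allocated */
static int frees;       /* total frees; a double free would push this too high */

static model_txn *model_txn_begin(int fail_commit) {
    model_txn *t = malloc(sizeof *t);
    if (t) { t->fail_commit = fail_commit; live_txns++; }
    return t;
}

/* Models mdb_txn_abort(): discards the work and frees the handle. */
static void model_txn_abort(model_txn *t) { free(t); live_txns--; frees++; }

/* Models mdb_txn_commit(): the handle is freed on success AND on failure. */
static int model_txn_commit(model_txn *t) {
    int rc = t->fail_commit ? ENOMEM : 0;   /* constructed failure injection */
    free(t); live_txns--; frees++;
    return rc;
}

/* Commit through the caller's pointer and clear it first, so no later
 * cleanup path can hand the dead handle to abort. */
static int commit_and_clear(model_txn **tp) {
    model_txn *t = *tp;
    *tp = NULL;
    return model_txn_commit(t);
}

/* One unit of work: abort only while the handle is still owned here. */
int store_value(int fail_work, int fail_commit) {
    model_txn *txn = model_txn_begin(fail_commit);
    if (!txn) return ENOMEM;
    int rc = fail_work ? EINVAL : 0;    /* stands in for mdb_put() and friends */
    if (rc == 0)
        rc = commit_and_clear(&txn);    /* txn is NULL from here on */
    if (txn)                            /* reached only if commit was never called */
        model_txn_abort(txn);
    return rc;
}

int live_count(void) { return live_txns; }
int free_count(void) { return frees; }

int main(void) { return (store_value(0, 1) == ENOMEM && live_count() == 0) ? 0 : 1; }
```

With real LMDB the same shape applies: pass the address of the MDB_txn pointer to a small commit helper that sets it to NULL, and guard every mdb_txn_abort() call on the pointer being non-NULL.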