Full_Name: Hallvard B Furuseth
Version:
OS:
URL:
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard

overlays/dynlist.c lines 371-376 set REP_ENTRY_MUSTBEFREED in rs->sr_flags without duplicating the entry, if REP_ENTRY_MODIFIABLE was set. Thus the entry gets freed twice. Breaks test044-dynlist with back-ldif.

This code snippet fixes it for test044, but it may be the wrong fix:

    e = rs->sr_entry;
    e_flags = rs->sr_flags;
    if ( !( e_flags & REP_ENTRY_MODIFIABLE ) ) {
        e = entry_dup( e );
        if ( e_flags & REP_ENTRY_MUSTBEFREED )
            entry_free( rs->sr_entry );
        e_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
    }

First, can something have references into the old sr_entry at this point?
Second, there is also a REP_ENTRY_MUSTRELEASE flag which means to call be_entry_release_rw(); maybe that must be handled. Also overlays collect, pcache & valsort ignore REP_ENTRY_MUSTRELEASE.
A common function to handle this might be useful - pass it a SlapResponse, BackendDB and flags to set and flags to unset, and let it free, release or dup what is needed.
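
A sketch of the kind of common helper suggested above, added here as an illustration; it is not code from the report or from OpenLDAP. It goes beyond the posted snippet by also handling REP_ENTRY_MUSTRELEASE. Assumptions: the types, flag values, counting stand-ins and the names rs_dispose, rs_make_modifiable and disposals_of_original are hypothetical, nothing else holds references into the old sr_entry, and a producer that set no ownership flag frees its own entry.

```c
#include <stdio.h>

/* Flag names come from the report; values and types are simplified stand-ins. */
enum { REP_ENTRY_MODIFIABLE = 1, REP_ENTRY_MUSTBEFREED = 2, REP_ENTRY_MUSTRELEASE = 4 };
typedef struct Entry { int frees, releases; } Entry;
typedef struct SlapResponse { Entry *sr_entry; int sr_flags; } SlapResponse;

static Entry pool[16];
static unsigned pool_used;

/* Counting stand-ins for entry_dup(), entry_free() and be_entry_release_rw(). */
static Entry *dup_entry(const Entry *e) {
    Entry *c = &pool[pool_used++ % 16];
    (void)e; c->frees = c->releases = 0;
    return c;
}
static void free_entry(Entry *e) { e->frees++; }
static void release_entry(Entry *e) { e->releases++; }

/* Drop whatever claim the response holds on its current entry. */
void rs_dispose(SlapResponse *rs) {
    if (rs->sr_flags & REP_ENTRY_MUSTBEFREED) free_entry(rs->sr_entry);
    else if (rs->sr_flags & REP_ENTRY_MUSTRELEASE) release_entry(rs->sr_entry);
    rs->sr_flags &= ~(REP_ENTRY_MUSTBEFREED | REP_ENTRY_MUSTRELEASE);
}

/* Hypothetical helper: make sr_entry modifiable. Returns 1 if it duplicated. */
int rs_make_modifiable(SlapResponse *rs) {
    if (rs->sr_flags & REP_ENTRY_MODIFIABLE) return 0; /* ownership unchanged */
    Entry *copy = dup_entry(rs->sr_entry);
    rs_dispose(rs);                 /* free or release the original exactly once */
    rs->sr_entry = copy;
    rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
    return 1;
}

/* Run one response through either the reported pattern (MUSTBEFREED set
 * without a dup when MODIFIABLE is already set) or the helper, then clean up.
 * Returns how many times the original entry was freed or released. */
int disposals_of_original(int flags, int reported_pattern) {
    Entry orig = {0, 0};
    SlapResponse rs = { &orig, flags };
    if (reported_pattern && (flags & REP_ENTRY_MODIFIABLE))
        rs.sr_flags |= REP_ENTRY_MUSTBEFREED;          /* no dup: the defect */
    else
        rs_make_modifiable(&rs);
    rs_dispose(&rs);                /* cleanup after the response is sent */
    /* Assumption: a producer that set no ownership flag frees its own entry. */
    if (!(flags & (REP_ENTRY_MUSTBEFREED | REP_ENTRY_MUSTRELEASE))) free_entry(&orig);
    return orig.frees + orig.releases;
}

int main(void) {
    printf("reported pattern: %d disposal(s), helper: %d\n",
           disposals_of_original(REP_ENTRY_MODIFIABLE, 1),
           disposals_of_original(REP_ENTRY_MODIFIABLE, 0));
    return 0;
}
```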