jclarke@linagora.com wrote:
> Pierangelo Masarati wrote:
>> Should be fixed now in HEAD/re24/re23. Please test. p.
>
> I've been testing (at last, sorry for the delay), and I've come across
> another memory problem. Backtrace is below, and valgrind output is attached.

Got this one: it was a double-free in sets.c occurring after a
slap_set_join() with lset or rset empty - the non-empty set was
returned, and then freed, causing a double-free error or segfault.

The patch attached corrects this problem on RE23 and HEAD for me and
doesn't have any side effects on our test set. However, it may not be
the "right" way - please correct if necessary!

Your recent fixes have solved all the issues from our test cases we were
encountering. Thank you very much for them.

Jon
--
Jonathan Clarke
Cellule OSSA - Groupe LINAGORA
27 rue de Berri, 75008 Paris
Tel: 01 58 18 68 28, fax: 01 58 18 68 29
http://www.linagora.com -
http://www.08000linux.com
--- servers/slapd/sets.c.orig 2007-10-08 18:20:08.000000000 +0200
+++ servers/slapd/sets.c 2007-10-08 18:22:29.000000000 +0200
@@ -261,11 +261,15 @@
} else {
set = set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) );
+ /* set array reference has been copied - don't free */
+ op_flags |= SLAP_SET_LREFVAL | SLAP_SET_LREFARR;
break;
}
} else if ( j == 0 ) {
set = set_dup( cp, rset, SLAP_SET_RREF2REF( op_flags ) );
+ /* set array reference has been copied - don't free */
+ op_flags |= SLAP_SET_RREFVAL | SLAP_SET_RREFARR;
break;
}
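Review bot: In both branches the new `op_flags |= ...` line runs unconditionally after `set_dup()`, but the visible lines do not show whether `set_dup( cp, lset, SLAP_SET_LREF2REF( op_flags ) )` always shares the operand's array or can make a real copy depending on the incoming flags. If it can copy, forcing `SLAP_SET_LREFVAL | SLAP_SET_LREFARR` (and the R equivalents) would trade the double-free for a leak of the operand. Suggest setting the flags only in the case where the reference is actually shared, or extending the comment to state that invariant and to name the later free that these flags suppress.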
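The double-free described in the message above, as a simplified model added here (not OpenLDAP code and not part of the attached patch): a join that returns one of its operands when the other is empty, followed by operand cleanup and the consumer's own release. The names `set_t`, `KEEP_L`, `KEEP_R`, the `fixed` parameter and `releases_after_join` are hypothetical, and a release counter stands in for `free()` so the double release can be observed safely.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical ownership flags (not slapd's SLAP_SET_* values):
 * when set, the cleanup step must NOT release that operand. */
#define KEEP_L 0x1u
#define KEEP_R 0x2u

typedef struct { size_t n; int releases; } set_t; /* releases counts "free" calls */

/* Records a release instead of calling free(), so a double release
 * is visible in the counter rather than corrupting the heap. */
static void set_release(set_t *s) { if (s) s->releases++; }

/* Union-style join. With one operand empty it returns the other operand
 * itself (an alias). With fixed != 0 it also marks that operand as kept,
 * which is the idea behind the op_flags change in the patch. */
static set_t *set_join(set_t *l, set_t *r, unsigned *flags, int fixed) {
    if (l->n == 0) { if (fixed) *flags |= KEEP_R; return r; }
    if (r->n == 0) { if (fixed) *flags |= KEEP_L; return l; }
    set_t *out = calloc(1, sizeof *out);          /* genuinely new result */
    if (out) out->n = l->n + r->n;
    return out;
}

/* Runs join, operand cleanup, then the consumer's release of the result.
 * Returns how many times the non-empty operand was released. */
static int releases_after_join(size_t ln, size_t rn, int fixed) {
    set_t l = { ln, 0 }, r = { rn, 0 };
    unsigned flags = 0;
    set_t *res = set_join(&l, &r, &flags, fixed);

    if (!(flags & KEEP_L)) set_release(&l);       /* operand cleanup */
    if (!(flags & KEEP_R)) set_release(&r);

    if (res == &l || res == &r) set_release(res); /* consumer releases the result */
    else free(res);

    return ln ? l.releases : r.releases;
}
```

A count of 2 for the non-empty operand is the double release; with the flag set at the point where the alias is handed out, the count drops to 1.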