Chen, Shi Jun SLC CT PEK wrote:

I encount a strange problem while using variable allocated by ber_memalloc_x().

For each operation request, slapd will malloc a buffer to contain the DN and NDN by using ber_memalloc_x() for fields o_req_dn & o_req_ndn in struct operation. Now I want to rewrite the DN and NDN myself, and below is the code. I always get segment fault while running it. But when I set MALLOC_CHECK_, the code does work and will not be crashed.

So what's the matter of my code?

Your realloc is one byte too short. This is the typical off-by-one error that all beginning C programmers make.

-Shijun Chen-

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ ... wrap_dn(op->o_req_dn, op->o_tmpmemctx); ...

wrap_dn(struct berval *dn, void *ctx) { char *tmp_buf=NULL, *psub=NULL; int len_tmp_buf=0;

lem_tmp_buf = dn->bv_len + 5;
dn->bv_val = LDAP_REALLOCX(dn->bv_val, len_tmp_buf, ctx);
dn->bv_len = len_tmp_buf;

tmp_buf = malloc(len_tmp_buf + 1);
memset(tmp_buf, 0, len_tmp_buf + 1);
memcpy(tmp_buf, dn->bv_val, len_tmp_buf);

psub = strcasestr(tmp_buf, "dc=com");

assert( psub != NULL);
sprintf(p_sub, "dc=1,%s", "dc=com");

memcpy(dn->bv_val, tmp_buf, len_tmp_buf);

free(tmp_buf);

return;

} =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+