[email protected] wrote:
> Full_Name: kevin
> Version: 2.4.35
> OS: ubuntu
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (202.64.130.126)
>
>
> The problem is due to double free pointers in the send_page() and
> free_sort_op() functions.
>
> In the send_page function, some nodes of so_tree have been freed by the
> ch_free and ber_memfree functions. If a client suddenly aborts the
> connection, the free_sort_op function will be called. In the free_sort_op
> function, tavl_free() will be called and it tries to free the nodes of
> so_tree. However, some of the nodes had already been freed before and
> segmentation resulted.
>
> A possible solution is to check whether it is a paged request in the
> free_sort_op function. If yes, continue to free the next node of so_tree
> but not free the previous node.

Thanks for the report. The fix is simpler than that, and now in git master.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
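
The ownership hazard described in the report, as an added example that is not part of the original thread and is neither OpenLDAP code nor the fix committed to git master. It assumes a singly linked list in place of so_tree and a per-slot counter in place of the real heap, so a repeated release is counted instead of crashing; all function and type names are hypothetical.

```c
#include <stdio.h>

#define MAX_NODES 8
/* Constructed stand-in for the heap: free_count[i] counts releases of slot i. */
static int free_count[MAX_NODES];

struct node { int slot; struct node *next; };      /* hypothetical result node */
struct sort_op { struct node pool[MAX_NODES]; struct node *head; };

static void release(struct node *n) { free_count[n->slot]++; }

static void build(struct sort_op *so, int n) {     /* n must be <= MAX_NODES */
    so->head = NULL;
    for (int i = n - 1; i >= 0; i--) {
        free_count[i] = 0;
        so->pool[i].slot = i;
        so->pool[i].next = so->head;
        so->head = &so->pool[i];
    }
}

/* Pattern from the report: sent nodes are released but stay linked. */
static void send_page_stale(struct sort_op *so, int page) {
    struct node *n = so->head;
    for (int i = 0; i < page && n; i++, n = n->next) release(n);
}

/* Ownership-safe variant: unlink first, so teardown never reaches the node. */
static void send_page_unlink(struct sort_op *so, int page) {
    for (int i = 0; i < page && so->head; i++) {
        struct node *n = so->head;
        so->head = n->next;
        release(n);
    }
}

/* Teardown on client abort: releases every node still linked. */
static void free_sort_op_all(struct sort_op *so) {
    while (so->head) { struct node *n = so->head; so->head = n->next; release(n); }
}

/* One paged search aborted after the first page; returns slots released twice. */
int double_releases(int unlink_first, int total, int page) {
    struct sort_op so; int dup = 0;
    build(&so, total);
    if (unlink_first) send_page_unlink(&so, page); else send_page_stale(&so, page);
    free_sort_op_all(&so);
    for (int i = 0; i < total; i++) if (free_count[i] > 1) dup++;
    return dup;
}

int main(void) {
    printf("stale: %d, unlink: %d\n", double_releases(0, 5, 2), double_releases(1, 5, 2));
    return 0;
}
```

With real allocations, building the stale variant under AddressSanitizer (`-fsanitize=address`) reports the second release at the teardown call site.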
