Closed Bug 179951 Opened 22 years ago Closed 22 years ago

libprldap "cross thread" memory leak

Categories

(Directory :: LDAP C SDK, defect, P1)

Product:
Directory
Component:
LDAP C SDK
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mcs, Assigned: mcs)

Details

Attachments

(1 file)

proposed fix
5.77 KB, patch
Details | Diff | Splinter Review 
If a different thread calls ldap_unbind() than created or used an LDAP session,
the thread-private error information stored by the prldap layer is leaked.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 5.11
Attached patch proposed fixSplinter Review 
There were actually two problems:

1) The prldap_tsd_destroy() function (which is called when a thread exits) was
not freeing the information contained within the PRLDAP_ErrorInfo structure. I
added a prldap_free_errorinfo() and a way to determine if that thread-private
data looks like error information (the plei_magic field). Right now, we only
store one kind of thread-private data anyway.

2) The prldap_allocate_map() function, which is called when a new LDAP session
is created, was blindly setting the thread-private error information pointer to
NULL. But if a different thread created or used an LDAP session than called
ldap_unbind(), old error information may still be present in memory. Now we
reset it and reuse it, which was my original intent when I wrote the prldap
code.
Attachment #106101 - Flags: review?(mcs)
Attachment #106101 - Flags: review?(mcs) → review?(richm)
Fix looks good.
Fixed on the trunk:

mozilla/directory/c-sdk/ldap/libraries/libprldap/ldappr-threads.c
  new revision: 5.2; previous revision: 5.1
    Fix bug # 179951 - libprldap "cross thread" memory leak.
        The prldap_tsd_destroy() function (which is called when a
        the PRLDAP_ErrorInfo structure. Added prldap_free_errorinfo()
        and a way to determine if that thread-private data looks like
        error information (the plei_magic field). At the moment, only
        one kind of thread-private data is stored anyway (the error
        information).

        The prldap_allocate_map() function, which is called when a new
        LDAP session is created, was blindly setting the thread-private
        error information pointer to NULL. But if a different thread
        created or used an LDAP session than called ldap_unbind(), old
        error information may have been left in memory. Now the error
        info. pointer is reset and reused, which was the original goal.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Attachment #106101 - Flags: review?(richm)
Spam for bug 129472
QA Contact: nobody → nobody
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: