Bug 458677 - Memory leaks in index code doing indexed & range & matching rule searches
Status: CLOSED ERRATA
Product: 389
Classification: Community
Component: Database - Indexes/Searches
1.1.1
All Linux
medium Severity medium
Assigned To: Rich Megginson
Chandrasekar Kannan
: Security
Depends On:
Blocks: 249650 FDS112 453229 CVE-2008-3283
Reported: 2008-08-11 10:57 EDT by Rich Megginson
Modified: 2015-01-04 18:33 EST

Doc Type: Bug Fix
Last Closed: 2008-08-27 16:39:21 EDT

Attachments
diffs (3.42 KB, patch), 2008-08-11 10:58 EDT, Rich Megginson
cvs commit log - DS8.0 (192 bytes, text/plain), 2008-08-12 18:30 EDT, Rich Megginson
cvs commit log - HEAD (186 bytes, text/plain), 2008-08-27 17:10 EDT, Rich Megginson

Description Rich Megginson 2008-08-11 10:57:15 EDT
This leak occurs when doing ranged, indexed searches.  The code calls index2prefix to get the index prefix.  In the case of a matching rule search, this prefix is allocated.  The function free_prefix was not being called in all cases.
Comment 1 Rich Megginson 2008-08-11 10:58:08 EDT
Created attachment 313973
diffs
Comment 2 Nathan Kinder 2008-08-11 11:37:30 EDT
Does free_prefix() deal with the passed parameter being NULL properly?
Comment 3 Rich Megginson 2008-08-11 11:49:13 EDT
(In reply to comment #2)
> Does free_prefix() deal with the passed parameter being NULL properly?

Yes.
static void
free_prefix (char* prefix)
{
    if (prefix == NULL ||
	prefix == prefix_PRESENCE ||
	prefix == prefix_EQUALITY ||
	prefix == prefix_APPROX ||
	prefix == prefix_SUB) {
	/* do nothing */
    } else {
	slapi_ch_free( (void**)&prefix);
    }
}
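
The leak pattern described in this report and the free_prefix() contract quoted in comment 3, modelled as an added C example; it is not the project's code or the attached patch. The `_model` functions, the "eq" index type, the ":" prefix format and the tracking array are assumptions made for illustration.

```c
/* Added model: every *_model name is hypothetical, not 389 DS source. */
#include <stdlib.h>
#include <string.h>
#define MAX_LIVE 8
static char prefix_EQUALITY_model[] = "=";  /* shared static prefix, never freed */
static char *live[MAX_LIVE];                /* heap prefixes not yet released */
/* Static prefix for a standard index; heap-allocated one for a matching rule. */
static char *index2prefix_model(const char *indextype) {
    if (strcmp(indextype, "eq") == 0) return prefix_EQUALITY_model;
    size_t n = strlen(indextype);
    char *p = malloc(n + 2);
    if (p == NULL) return NULL;
    p[0] = ':';
    memcpy(p + 1, indextype, n + 1);
    for (int i = 0; i < MAX_LIVE; i++) if (!live[i]) { live[i] = p; break; }
    return p;
}
/* Same contract as free_prefix() in comment 3: NULL and static prefixes are no-ops. */
static void free_prefix_model(char *prefix) {
    if (prefix == NULL || prefix == prefix_EQUALITY_model) return;
    for (int i = 0; i < MAX_LIVE; i++) if (live[i] == prefix) live[i] = NULL;
    free(prefix);
}

/* Leaky shape: the early error return skips the release. */
int range_read_leaky(const char *indextype, int fail) {
    char *prefix = index2prefix_model(indextype);
    if (fail) return -1;                    /* prefix is lost here */
    free_prefix_model(prefix);
    return 0;
}

/* Fixed shape: every exit passes through one cleanup label. */
int range_read_fixed(const char *indextype, int fail) {
    int rc = 0;
    char *prefix = index2prefix_model(indextype);
    if (fail) { rc = -1; goto done; }       /* error path still reaches cleanup */
done:
    free_prefix_model(prefix);
    return rc;
}

/* Run n failing searches (n <= MAX_LIVE), count leaked prefixes, reclaim them. */
int leaked_after(int (*fn)(const char *, int), const char *indextype, int n) {
    int leaked = 0;
    for (int i = 0; i < n; i++) fn(indextype, 1);
    for (int i = 0; i < MAX_LIVE; i++) if (live[i]) { leaked++; free(live[i]); live[i] = NULL; }
    return leaked;
}
```

Only the matching-rule path allocates, so the leaky variant loses one prefix per failing search there and none for the static "eq" prefix.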
Comment 4 Rich Megginson 2008-08-11 12:49:42 EDT
This bug can be triggered by an anonymous user.  There is no easy way to mitigate this issue - either disable the index, or disallow anonymous searches.
Comment 5 Rich Megginson 2008-08-12 18:30:33 EDT
Created attachment 314150
cvs commit log - DS8.0

Reviewed by: nkinder (Thanks!)
Fix Description: This leak occurs when doing ranged, indexed searches.  The code calls
index2prefix to get the index prefix.  In the case of a matching rule search,
this prefix is allocated.  The function free_prefix was not being called in all
cases.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Comment 7 Jenny Galipeau 2008-08-19 16:30:28 EDT
How can QE verify this?  What to look for in the valgrind output?
Comment 8 Rich Megginson 2008-08-19 16:39:04 EDT
(In reply to comment #7)
> How can QE verify this?  What to look for in the valgrind output?

Look for a memory leak in index_range_read()
Comment 9 Jenny Galipeau 2008-08-21 13:49:17 EDT
verified 8.0 RHEL4-32, RHEL4-64, RHEL5-32, RHEL5-64
Comment 12 errata-xmlrpc 2008-08-27 16:39:21 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0602.html
Comment 13 Rich Megginson 2008-08-27 17:10:22 EDT
Created attachment 315150
cvs commit log - HEAD
