From owner-freebsd-bugs Fri Sep 22 09:38:58 1995
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id JAA09682 for bugs-outgoing; Fri, 22 Sep 1995 09:38:58 -0700
Received: from irbs.irbs.com (irbs.com [199.182.75.129]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id JAA09677 for ; Fri, 22 Sep 1995 09:38:54 -0700
Received: (from jc@localhost) by irbs.irbs.com (8.6.12/8.6.6) id MAA01237 for freebsd-bugs@freebsd.org; Fri, 22 Sep 1995 12:38:51 -0400
From: John Capo
Message-Id: <199509221638.MAA01237@irbs.irbs.com>
Subject: ypserv cores with phk malloc
To: freebsd-bugs@freebsd.org
Date: Fri, 22 Sep 1995 12:38:49 -0400 (EDT)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1907
Sender: owner-bugs@freebsd.org
Precedence: bulk

A few months ago I linked the entire system with gnumalloc. The only show stopper I found was ypserv. It's a show stopper again. I asked these questions at that time on the -current list and had no response.

Ypserv frees the results of db lookups. I can't find anything that says this is the proper action. Is it? Looking at the code in db, pointers are returned within dbm objects and freeing them looks bogus to me.

The old malloc silently refused to free the memory due to internal audit checks. Gnumalloc and phkmalloc core.

Patches below comment out all of the known bogus and suspect bogus free calls. Somebody that is familiar with the db routines needs to look at this.

John Capo
IRBS Engineering

*** server.c.orig Fri Sep 22 11:51:31 1995 --- server.c Fri Sep 22 12:33:33 1995 *************** *** 349,355 **** --- 349,357 ---- } if ((dbp->seq)(dbp,&ckey,&dummyval,R_NEXT)) ckey.data = NULL; + /* free(dummyval.data); + */ } else ckey = *ikey; *************** *** 365,372 **** --- 367,376 ---- if ((dbp->get)(dbp,&ckey,dval,0)) { /* Free key, unless it comes from the caller! 
*/ + /* if (ikey == NULL || ckey.data != ikey->data) free(ckey.data); + */ if (ikey && ikey->data != NULL) { *************** *** 383,404 **** --- 387,417 ---- { if (okey) *okey = ckey; + /* else if (ikey == NULL || ikey->data != ckey.data) free(ckey.data); + */ return YP_TRUE; } /* Free old value */ + /* free(dval->data); + */ if ((dbp->seq)(dbp,&nkey,&dummyval,R_NEXT)) nkey.data = NULL; + + /* free(dummyval.data); + */ /* Free old key, unless it comes from the caller! */ + /* if (ikey == NULL || ckey.data != ikey->data) free(ckey.data); + */ if (ckey.data == NULL || nkey.data == NULL) return YP_NOMORE;
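Review bot: in the hunk at new lines 387-417, once every free() is commented out, ckey.data obtained from the earlier `(dbp->seq)(dbp,&ckey,&dummyval,R_NEXT)` is still read after the second `(dbp->seq)(dbp,&nkey,&dummyval,R_NEXT)` (in `if (ckey.data == NULL || nkey.data == NULL)`) and is handed back to the caller through `*okey = ckey`. If these pointers refer to storage owned by db, as the message argues, it is worth checking whether they stay valid across the next call on the same dbp; if they do not, the key has to be copied before the next seq/get rather than only left unfreed, and the copy is then the thing to free.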
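Review bot: the hunks at new lines 349-357 and 367-376 disable the calls by wrapping them in `/* ... */`, which leaves the existing comment `/* Free key, unless it comes from the caller! */` describing code that no longer runs and gives no reason for the change in the source. Either delete the calls together with the stale comments or guard them with `#if 0` and a short note on why, and mark which of the frees are known to be wrong and which are only suspected, since the message says both kinds are included.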