1. Docs
  2. Two calls to BIND’s function dns_db_getoriginnode() are fatal if there are no data at the node

Two calls to BIND’s function dns_db_getoriginnode() are fatal if there are no data at the node

I have encountered a weird behavior in RBTDB implementation in BIND bind-9.9.3-P2.

It seems that RBTDB gets corrupted if I do

dns_db_getoriginnode(rbtdb, &node);
dns_db_detachnode(rbtdb, &node);

and then again:

dns_db_getoriginnode(rbtdb, &node);
dns_db_detachnode(rbtdb, &node);

Specifically, the second call to dns_db_getoriginnode() dies with:

INSIST(!((void *)((node)->deadlink.prev) != (void *)(-1))) failed

Note that this happens only if the origin_node in RBTDB is empty at the moment of first dns_db_detachnode() call.

The attached file isc-bugs-35080.c demonstrates it.

© Copyright 2017, bind-dyndb-ldap contributors. Created using Sphinx.