We use "r" after we call tdb_access_release() when we find corruption
in the free list. "r" may be a pointer into malloced memory, freed
by tdb_access_release().
}
if (frec_magic(r) != TDB_FREE_MAGIC) {
}
if (frec_magic(r) != TDB_FREE_MAGIC) {
- tdb_access_release(tdb, r);
ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
"lock_and_alloc:"
" %llu non-free 0x%llx",
(long long)off,
(long long)r->magic_and_prev);
ecode = tdb_logerr(tdb, TDB_ERR_CORRUPT, TDB_LOG_ERROR,
"lock_and_alloc:"
" %llu non-free 0x%llx",
(long long)off,
(long long)r->magic_and_prev);
+ tdb_access_release(tdb, r);