Previously (before commit 4ca6118 and/or svn commit 4776) prehashes and corresponding rbtree nodes were part of struct nsec3_domain_data. Clearing the hash_tree would then mean setting the key value of the nodes to NULL to indicate absence of the prehash. But since prehash structs are separately allocated, this is no longer necessary as currently the prehash structs are simply recycled and NULLed.

Currently we have few reports of corrupted hash_tree's during transfer (issue #18 ). Corruption can be caused, either because the prehashed structs of that specific tree were recycled, without them being removed from the tree. Another possibility is that the nodes use memory from recycled pieces of memory that are still in use.

A corrupted transport that we were able to study was for full zone updates (although by IXFR) only. Since this is the most simple recycle path ( with nsec3_clear_precompile()) which can hardly go wrong, I currently suspect that the corruption emerged from reusing recycled pieces still in use in other places. Not writing to the nodes will ease the search for the actual culprit, for example by compiling with CHECK_DOUBLE_FREE checks which might get triggered with the recycling of the prehash structs in . Before this change, writing to key would cause a crash before this check can be made.

In any case, the corruption should be detected when it occurs perhaps testing for rbtree invariants (left->parent == this etc) and we should not crash because of side effects of such corruption.