
core dump in numericStringNormalize() (ITS#1254)



Full_Name: Peter Watkins
Version: 2.0.11
OS: Solaris 2.6
URL: 
Submission from: (NULL) (208.252.129.98)


Our schema defines an optional numeric attribute (EQUALITY numericStringMatch,
SUBSTR numericStringSubstringsMatch). I am trying to search for objects by that
attribute, with this code

ldap_search_ext_s( ldap, BASE, SCOPE, filter, attribs, 0, NULL, NULL,
                          LDAP_MSG_ONE, 0, &result)

The preceding ldap_init() and ldap_simple_bind_s() work fine. If filter is
"(attrName=*)" then the search works (returns no data, but likely because I've
specified LDAP_MSG_ONE). But if filter looks like "(attrName=1234)" then slapd
dumps core. Here's the last few lines that I see in "-d 9" debug mode:

send_ldap_result: conn=0 op=0 p=2
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 8
daemon: activity on 1 descriptors
daemon: activity on: 8r
daemon: read activity on 8
connection_get(8): got connid=0
connection_read(8): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 295 contents:
deferring operation
ber_get_next
ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=7 active_threads=1 tvp=NULL
do_search
ber_scanf fmt ({aiiiib) ber:
ber_scanf fmt ({oo}) ber:
Assertion failed: newval->bv_val < p, file schema_init.c, line 3221

This failed assertion sounds a lot like what is reported in this message:

http://www.openldap.org/lists/openldap-bugs/200008/msg00023.html

My guess is that 
  assert( newval->bv_val < p );
on line 3221 of schema_init.c really should be
  assert( newval->bv_val <= p );
because if the last char in val (as passed to numericStringNormalize()) is not
one recognized as whitespace by ASCII_SPACE, then at line 3221, newval->bv_val
and p should point at the same address space.

Testing, this seems right. If I search for "(attrName=1234 )" (note the trailing
space), then everything works beautifully, and I get my desired results. Even if
"(attrName=1234)" were an illegal filter, and I don't think it is, there's no
reason slapd should dump core.

I'll make the change in our code over here, but appreciate feedback on whether
I've got this right.

(And thank you all for your work on this project!)

-Peter
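The point the report makes at the end, that a server must not abort on a client-supplied filter value, is worth seeing in code. The following is an added example written for this page; it is not OpenLDAP's numericStringNormalize() and not the change that went into schema_init.c. It strips the insignificant spaces from a numeric string value the way the report describes (a read cursor p over the input, a write cursor q over the output), and it handles the boundary cases by returning a result code instead of asserting: a value that is entirely spaces, or empty, is reported as a syntax error, and the "no trailing whitespace" case ("1234" versus "1234 ") produces the same normalized form either way. Assumed, and not taken from the page: a minimal struct berval of the LDAP C API's shape, the numeric values of LDAP_SUCCESS and LDAP_INVALID_SYNTAX, an ASCII_SPACE macro that matches only the space character, and all function names. Digit-only syntax validation is assumed to happen in a separate validator, as it does for LDAP syntaxes generally, so this routine only removes spaces.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed result codes; the values match the LDAP C API but are only labels here. */
#define LDAP_SUCCESS        0x00
#define LDAP_INVALID_SYNTAX 0x15

/* Minimal struct berval with the same field names as the LDAP C API's. */
struct berval {
    size_t bv_len;
    char  *bv_val;
};

/* Assumption for this example: only SPACE (0x20) is insignificant in a
 * numeric string, so that is all the macro matches. */
#define ASCII_SPACE(c) ((c) == ' ')

/* Strip insignificant spaces from a numeric string value.
 * Returns LDAP_SUCCESS with *out pointing at a freshly allocated buffer
 * (free out->bv_val when done), or LDAP_INVALID_SYNTAX. It never asserts
 * on the caller's data: an all-space or empty input is a syntax error
 * to report to the client, not an internal invariant to crash on. */
int numeric_string_normalize(const struct berval *in, struct berval *out)
{
    const char *p, *end;   /* read cursor over the input */
    char *q;               /* write cursor over the output */

    out->bv_val = NULL;
    out->bv_len = 0;
    if (in == NULL || (in->bv_val == NULL && in->bv_len != 0))
        return LDAP_INVALID_SYNTAX;

    q = malloc(in->bv_len + 1);
    if (q == NULL)
        return LDAP_INVALID_SYNTAX;  /* treat allocation failure as a plain failure */
    out->bv_val = q;

    end = in->bv_val + in->bv_len;  /* bounded by bv_len, not by a terminator */
    for (p = in->bv_val; p < end; p++) {
        if (ASCII_SPACE(*p))
            continue;               /* drop the space, advance p only */
        *q++ = *p;                  /* keep the character, advance both cursors */
    }
    *q = '\0';
    out->bv_len = (size_t)(q - out->bv_val);

    /* Boundary case: nothing survived, so q == out->bv_val. A '<' invariant
     * between the output start and the write cursor would be false here;
     * '<=' is what always holds. Either way it is the client's value that
     * is bad, so return an error instead of asserting. */
    if (out->bv_len == 0) {
        free(out->bv_val);
        out->bv_val = NULL;
        return LDAP_INVALID_SYNTAX;
    }
    return LDAP_SUCCESS;
}

/* Normalize a C string; copies the normalized form (or "") into buf. */
int normalize_cstr(const char *s, char *buf, size_t buflen)
{
    struct berval in, out;
    int rc;

    in.bv_val = (char *)s;
    in.bv_len = strlen(s);
    rc = numeric_string_normalize(&in, &out);
    if (rc == LDAP_SUCCESS) {
        snprintf(buf, buflen, "%s", out.bv_val);
        free(out.bv_val);
    } else if (buflen > 0) {
        buf[0] = '\0';
    }
    return rc;
}

/* Result code for s, for checking the error path on its own. */
int normalize_rc(const char *s)
{
    char buf[64];
    return normalize_cstr(s, buf, sizeof buf);
}

/* 1 if s normalizes successfully to exactly expect, else 0. */
int normalizes_to(const char *s, const char *expect)
{
    char buf[64];
    if (normalize_cstr(s, buf, sizeof buf) != LDAP_SUCCESS)
        return 0;
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    /* Constructed sample values, including the two from the report. */
    const char *samples[] = { "1234", "1234 ", " 12 34 ", "   ", "" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = normalize_cstr(samples[i], buf, sizeof buf);
        printf("\"%s\" -> rc=%d normalized=\"%s\"\n", samples[i], rc, buf);
    }
    return 0;
}
```

The loop is bounded by bv_len rather than by a NUL terminator because filter assertion values arrive from the wire as length-prefixed BER octet strings and need not be terminated; the empty-result check is the spot where the report's ">" versus ">=" question lives, and turning it into a returned error is what keeps a malformed filter from taking the server down.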