Re: slapd crashes during search query (ITS#1570)
I have further investigated this problem, which has now
also been verified on Solaris 2.8.
It seems to be the same problem reported earlier in Oct 2001.
In servers/slapd/back-ldbm/idl.c, function idl_intersection(),
inserting a minimal check (see below) for writing past the end
of the ID_BLOCK will create a core dump very quickly when
running a bunch of searches involving intersect.
If the overwritten area happens to be some other allocated malloc
block, you get the problem reported in ITS#1570.
I can also see that the idl_intersect() method sometimes generates
resulting ID_BLOCK results containing duplicate IDs. I'm not sure
if that is intended.
Thomas
*** idl.c~ Tue Jan 22 17:47:39 2002
--- idl.c Fri Feb 1 16:48:05 2002
***************
*** 936,938 ****
if ( ID_BLOCK_ID(b, bi) == ID_BLOCK_ID(a, ai) ) {
! ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
}
--- 936,941 ----
if ( ID_BLOCK_ID(b, bi) == ID_BLOCK_ID(a, ai) ) {
! if (ID_BLOCK_NMAX(n) <= ni) {
! abort();
! }
! ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
}
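Review bot: the `ID_BLOCK_NMAX(n) <= ni` check placed before the `ID_BLOCK_ID(n, ni++) = ...` store in this hunk only confirms the overrun; `abort()` replaces a silent heap overwrite with a deliberate slapd crash, which is the right diagnostic but not a fix. For the actual fix, the result block `n` should be allocated large enough for the intersection (it can never hold more IDs than the smaller of `a` and `b`), or the loop should stop and return an error once `ni` reaches `ID_BLOCK_NMAX(n)` rather than aborting. The duplicate IDs mentioned above are worth checking in the same place: if equal IDs are appended more than once, `ni` advances faster than the block was sized for, which would also trigger this check.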
> On Wednesday, 30. January 2002 18:42, I wrote:
>
> This is what we got from running with MALLOC_CHECK_=2 ...