
Re: slapd crashes during search query (ITS#1570)




I have further investigated this problem, which has now
also been verified on Solaris 2.8.

It seems to be the same problem reported earlier in Oct 2001.

In servers/slapd/back-ldbm/idl.c, function idl_intersection(), 
inserting a minimal check (see below) for writing past the end 
of the ID_BLOCK will create a core dump very quickly when 
running a bunch of searches involving intersect. 

If the overwritten area happens to be some other allocated malloc 
block, you get the problem reported in ITS#1570. 

I can also see that the idl_intersect() method sometimes generates 
resulting ID_BLOCK results containing duplicate IDs. I'm not sure 
if that is intended.

Thomas
 
*** idl.c~      Tue Jan 22 17:47:39 2002
--- idl.c       Fri Feb  1 16:48:05 2002
***************
*** 936,938 ****
                if ( ID_BLOCK_ID(b, bi) == ID_BLOCK_ID(a, ai) ) {
!                       ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
                }
--- 936,941 ----
                if ( ID_BLOCK_ID(b, bi) == ID_BLOCK_ID(a, ai) ) {
!                       if (ID_BLOCK_NMAX(n) <= ni) {
!                               abort();
!                       }
!                       ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);
                }
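Review bot: the abort() on the new check is a diagnostic, not a fix: it turns the out-of-bounds write at `ID_BLOCK_ID(n, ni++) = ID_BLOCK_ID(a, ai);` into an immediate slapd crash on an ordinary search, which is fine for catching the corruption under a debugger but should not be what ships. The guard itself is placed correctly (the comparison against `ID_BLOCK_NMAX(n)` happens before the store), so the remaining question is why `ni` can reach `ID_BLOCK_NMAX(n)` at all; since no more IDs can be common to `a` and `b` than the smaller of the two holds, sizing `n` from the smaller input's ID count would make the overflow impossible, and if the check is kept as belt-and-braces it should break out of the loop and return an error to the caller rather than abort.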


> On Wednesday, 30. January 2002 18:42, I wrote:
>
> This is what we got from running with MALLOC_CHECK_=2 ...
>
>
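To show what a fail-closed version of the check in Thomas's patch looks like (a refusal instead of abort(), a result block sized from the inputs, and runs of repeated IDs consumed once so the result carries no duplicates), here is an added C example. It is not OpenLDAP code and not part of the original message: ID_BLOCK is replaced by a hypothetical id_block_t, and the helper names (idl_alloc, idl_from_array, idl_intersection_capacity, idl_intersection_checked, idl_selfcheck) and all input IDs are constructed for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for slapd's ID_BLOCK, constructed for this example (not
 * OpenLDAP's definition): nmax = capacity, nids = entries in use,
 * ids[] kept in ascending order. */
typedef unsigned long ID;
typedef struct {
    ID nmax;
    ID nids;
    ID ids[];
} id_block_t;

id_block_t *idl_alloc(ID nmax)
{
    id_block_t *b = calloc(1, sizeof(*b) + nmax * sizeof(ID));
    if (b != NULL)
        b->nmax = nmax;
    return b;
}

id_block_t *idl_from_array(const ID *src, ID count)
{
    id_block_t *b = idl_alloc(count);
    if (b == NULL)
        return NULL;
    memcpy(b->ids, src, count * sizeof(ID));
    b->nids = count;
    return b;
}

/* Capacity that is always sufficient for the intersection of a and b:
 * no more IDs can be common than the smaller block holds. */
ID idl_intersection_capacity(const id_block_t *a, const id_block_t *b)
{
    return a->nids < b->nids ? a->nids : b->nids;
}

/* Merge-style intersection of two ascending blocks into caller-supplied n.
 * Every store is guarded by n->nmax; on an undersized n the function
 * returns -1 and leaves n->nids at 0 instead of writing past the block.
 * Runs of equal IDs in either input are consumed together, so the
 * result never contains duplicates. Returns the number of IDs stored. */
long idl_intersection_checked(const id_block_t *a, const id_block_t *b,
                              id_block_t *n)
{
    ID ai = 0, bi = 0, ni = 0;

    n->nids = 0;
    while (ai < a->nids && bi < b->nids) {
        if (a->ids[ai] < b->ids[bi]) { ai++; continue; }
        if (b->ids[bi] < a->ids[ai]) { bi++; continue; }

        ID v = a->ids[ai];
        if (ni >= n->nmax)          /* would write past the end of n */
            return -1;
        n->ids[ni++] = v;

        while (ai < a->nids && a->ids[ai] == v) ai++;   /* skip repeats */
        while (bi < b->nids && b->ids[bi] == v) bi++;
    }
    n->nids = ni;
    return (long)ni;
}

/* Self-check on constructed input: a = {1,2,2,3,5,8}, b = {2,3,3,4,8,9}.
 * Returns 1 when a correctly sized result block yields exactly {2,3,8}
 * and an undersized block (nmax = 2) is refused with -1. */
int idl_selfcheck(void)
{
    static const ID av[] = {1, 2, 2, 3, 5, 8};
    static const ID bv[] = {2, 3, 3, 4, 8, 9};
    id_block_t *a = idl_from_array(av, 6);
    id_block_t *b = idl_from_array(bv, 6);
    id_block_t *n = NULL, *small = NULL;
    int ok = 0;

    if (a != NULL && b != NULL) {
        n = idl_alloc(idl_intersection_capacity(a, b));
        small = idl_alloc(2);
    }
    if (n != NULL && small != NULL) {
        long cnt = idl_intersection_checked(a, b, n);
        long bad = idl_intersection_checked(a, b, small);
        ok = (cnt == 3 && n->ids[0] == 2 && n->ids[1] == 3 && n->ids[2] == 8
              && bad == -1 && small->nids == 0);
    }
    free(a); free(b); free(n); free(small);
    return ok;
}
```

The two halves of the fix are independent: sizing the result from the smaller input makes the overflow unreachable for sorted inputs, while the guard before the store is what keeps a violated invariant (an unsorted or oversized block handed in by a caller) from turning into heap corruption that only surfaces later, as in ITS#1570.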