
Assertion failure in try_read1msg() (ITS#2982)



Full_Name: Luke Howard
Version: REL_ENG_2_2
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.228.130.12)


[NB - possibly this is a duplicate of ITS#2212.]

Frequently, but not every time, I am seeing the following error in random
programs (nss_ldap is being used):

getent: sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid ==
0x3 )' failed.

==14263== Invalid read of size 2
==14263==    at 0x415EE36B: ber_sockbuf_ctrl (sockbuf.c:91)
==14263==    by 0x4158A969: try_read1msg (result.c:986)
==14263==    by 0x415899D0: wait4msg (result.c:375)
==14263==    by 0x41589598: ldap_result (result.c:126)
==14263==    by 0x4158C26F: ldap_search_st (search.c:336)
==14263==    by 0x415461A3: do_search_s (in /lib/libnss_ldap.so.2)
==14263==    by 0x41545FDE: do_with_reconnect (in /lib/libnss_ldap.so.2)
==14263==    by 0x4154645E: _nss_ldap_read (in /lib/libnss_ldap.so.2)
==14263==    by 0x4154CAF4: _nss_ldap_dn2uid (in /lib/libnss_ldap.so.2)
==14263==    by 0x415485BB: _nss_ldap_parse_gr (in /lib/libnss_ldap.so.2)
==14263==    by 0x415462CB: do_parse (in /lib/libnss_ldap.so.2)
==14263==    by 0x41546DAD: _nss_ldap_getent_ex (in /lib/libnss_ldap.so.2)
==14263==    Address 0x41E678B0 is 0 bytes inside a block of size 28 free'd
==14263==    at 0x40029E01: free (vg_replace_malloc.c:231)
==14263==    by 0x415ED2FF: ber_memfree_x (memory.c:153)
==14263==    by 0x415ED34D: ber_memfree (memory.c:166)
==14263==    by 0x415EE2F6: ber_sockbuf_free (sockbuf.c:78)
==14263==    by 0x4159A6C2: ldap_free_connection (request.c:526)
==14263==    by 0x41589FCF: try_read1msg (result.c:817)
==14263==    by 0x415899D0: wait4msg (result.c:375)
==14263==    by 0x41589598: ldap_result (result.c:126)
==14263==    by 0x4158C26F: ldap_search_st (search.c:336)
==14263==    by 0x415461A3: do_search_s (in /lib/libnss_ldap.so.2)
==14263==    by 0x41545FDE: do_with_reconnect (in /lib/libnss_ldap.so.2)
==14263==    by 0x4154645E: _nss_ldap_read (in /lib/libnss_ldap.so.2)

It seems that if try_read1msg() calls ldap_free_connection(), and the reference
count drops to zero, then it has no way of removing it from the linked list of
connections that the caller maintains, as a single connection is passed in as a
parameter.

Quite possibly try_read1msg() shouldn't be trying to free the connection;
someone who understands the code better than I needs to examine this. Certainly,
commenting out the free (see the patch following) fixes the assertion failure,
at the possible expense of introducing a memory leak.

Index: result.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/result.c,v
retrieving revision 1.84.2.4
diff -u -r1.84.2.4 result.c
--- result.c    1 Jan 2004 18:16:30 -0000       1.84.2.4
+++ result.c    27 Feb 2004 04:45:43 -0000
@@ -813,9 +813,11 @@
                                ldap_free_request( ld, lr );
                        }
 
+#if 0
                        if ( lc != NULL ) {
                                ldap_free_connection( ld, lc, 0, 1 );
                        }
+#endif
                }
        }
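Review bot: wrapping the `ldap_free_connection( ld, lc, 0, 1 );` call in `#if 0` / `#endif` removes the free that the valgrind trace attributes to result.c:817, but the invalid read at result.c:986 in the same function shows the underlying defect is that try_read1msg() keeps using `lc` after its reference has been dropped, so this hunk trades the use-after-free for a leak of every connection released on this path (as the report itself says). A fix that keeps the free should clear `lc` and skip the later ber_sockbuf_ctrl() use once the reference count can reach zero, or, as the report suggests, leave releasing the connection to the caller that owns the connection list and can unlink it. Also, a bare `#if 0` leaves no record of why the code was disabled; if it stays, add a comment citing ITS#2982.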

-- Luke
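The ownership problem the report describes (a callee is handed one connection pointer, releases it, and the caller's list still points at freed memory) is easier to see in a small model. The following is an added illustration written for this page, not libldap code: `conn_t`, `ld_t`, `conn_release()` and `read_one_message()` are constructed stand-ins for LDAPConn, the ld handle, ldap_free_connection() and try_read1msg(), and `SB_VALID` only mirrors the idea of the `lbo_valid` check in the quoted assertion. The safe pattern it demonstrates is that the release routine unlinks the connection from the owner's list before freeing it, and the callee receives the caller's pointer by address so it can clear it and report that the connection is gone instead of touching it again.

```c
/* Constructed model of the ITS#2982 ownership problem.  Not libldap code;
 * every name here is a stand-in chosen for illustration. */
#include <stdlib.h>

#define SB_VALID 0x3            /* mirrors the idea of lbo_valid in the assertion */

typedef struct { int valid; } sockbuf_t;   /* stand-in for a Sockbuf */

typedef struct conn {
    int refcnt;                 /* stand-in for lconn_refcnt */
    sockbuf_t *sockbuf;         /* stand-in for lconn_sb, freed with the conn */
    struct conn *next;          /* singly linked list owned by the ld handle */
} conn_t;

typedef struct {
    conn_t *conns;              /* head of the list (stand-in for ld_conns) */
} ld_t;

/* Allocate a connection holding one reference and link it at the head. */
conn_t *conn_new(ld_t *ld)
{
    conn_t *lc = calloc(1, sizeof *lc);
    if (lc == NULL) return NULL;
    lc->sockbuf = calloc(1, sizeof *lc->sockbuf);
    if (lc->sockbuf == NULL) { free(lc); return NULL; }
    lc->sockbuf->valid = SB_VALID;
    lc->refcnt = 1;
    lc->next = ld->conns;
    ld->conns = lc;
    return lc;
}

void conn_ref(conn_t *lc) { lc->refcnt++; }

/* Drop one reference.  When the count reaches zero the connection is
 * unlinked from the owner's list BEFORE it is freed, so the list never
 * holds a dangling pointer.  Returns 1 if destroyed, 0 if still live. */
int conn_release(ld_t *ld, conn_t *lc)
{
    if (--lc->refcnt > 0) return 0;
    for (conn_t **pp = &ld->conns; *pp != NULL; pp = &(*pp)->next) {
        if (*pp == lc) { *pp = lc->next; break; }
    }
    free(lc->sockbuf);
    free(lc);
    return 1;
}

/* Number of connections still on the owner's list. */
int ld_conn_count(const ld_t *ld)
{
    int n = 0;
    for (const conn_t *c = ld->conns; c != NULL; c = c->next) n++;
    return n;
}

/* Model of try_read1msg(): takes the caller's pointer by address so that,
 * when the release destroys the connection, the caller's copy is cleared
 * and no later code can dereference freed memory (the report's trace shows
 * a free at result.c:817 followed by a read at result.c:986).
 * Returns 1 if the sockbuf was safely consulted, -1 if the connection is gone. */
int read_one_message(ld_t *ld, conn_t **lcp)
{
    conn_t *lc = *lcp;
    if (lc == NULL) return -1;
    if (conn_release(ld, lc)) {
        *lcp = NULL;            /* caller's handle is now invalid; say so */
        return -1;
    }
    return lc->sockbuf->valid == SB_VALID ? 1 : 0;   /* still live */
}

/* Drop every remaining reference on every connection the ld owns. */
void ld_destroy(ld_t *ld)
{
    while (ld->conns != NULL) {
        conn_t *lc = ld->conns;
        while (!conn_release(ld, lc)) { }
    }
}

/* Walk the scenario from the report: two connections, one with an extra
 * reference, released twice through the callee.  Returns 1 if every
 * expectation holds (list stays consistent, handle is cleared), else 0. */
int scenario_ok(void)
{
    ld_t ld = { NULL };
    conn_t *a = conn_new(&ld);
    conn_t *b = conn_new(&ld);
    if (a == NULL || b == NULL || ld_conn_count(&ld) != 2) return 0;
    conn_ref(a);                                   /* a: refcnt 2 */
    conn_t *p = a;
    if (read_one_message(&ld, &p) != 1 || p != a) return 0;   /* refcnt 1 */
    if (ld_conn_count(&ld) != 2) return 0;
    if (read_one_message(&ld, &p) != -1 || p != NULL) return 0; /* refcnt 0 */
    if (ld_conn_count(&ld) != 1 || ld.conns != b) return 0;   /* a unlinked */
    if (read_one_message(&ld, &p) != -1) return 0;   /* NULL handle refused */
    ld_destroy(&ld);
    return ld_conn_count(&ld) == 0;
}

int main(void) { return scenario_ok() ? 0 : 1; }
```

The point of the model is the split of responsibilities: only `conn_release()` frees, and because it also owns the unlink, the caller's list can never outlive the allocation; the callee signals "connection gone" through its return value and by clearing the caller's pointer rather than silently continuing to use `lc`.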