[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7542) slapd segfault on modify
m.gr@gmx.de wrote:
> Full_Name: Matthias Grau
> Version: 2.4.34
> OS: debian 6.7.0 x64
> URL: ftp://ftp.openldap.org/incoming/matthias.grau.130318.bz2
> Submission from: (NULL) (94.217.193.246)
>
>
> slapd can cause a segfault when sorting values in modify operation.
> Under rare circumstances modify.c:802: jstack += 2; can reach a value of greater
> 63 which leads to an overwritten pointer for AttributeDescription.
Thanks for the report.
> Changing the size of istack from sizeof(int) * 16 to sizeof(int)*16 + 1 solves
> the segfault. But I don't think that's the correct solution.
> As shown here:
> http://theory.stanford.edu/~amitp/rants/c++-vs-c/test5.cc
> there should be a condition to break if jstack reaches the size of of istack.
No. In a correct implementation, jstack can never exceed the size of istack.
This was fixed in similar/identical code elsewhere, e.g. commit
bb36bdcd1c22d1fbc6575452ef5c9112715ab083 and
e1559100eb8e9a664cd68915e5acbf8caa334fa1 but for some reason we missed these
other instances.
Fixed now in git master.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/