[Date Prev][Date Next] [Chronological] [Thread] [Top]

ber_realloc crash

Hi,

I am using the LIBLBER library for a customised SLAPD. However I am
experiencing a problem at the moment. My SLAPD will crash (access violation)
in the ber_realloc function:

          18996 int
          18997 ber_realloc( BerElement *ber, ber_len_t len )
      1   18998 {
      1   18999         ber_len_t       total;
      1   19000         Seqorset        *s;
      1   19001         long            off;
      1   19002         char            *oldbuf;
      1   19003
      1   19004         assert( ber != NULL );
      1   19005         assert( len > 0 );
      1   19006
      1   19007         assert( BER_VALID( ber ) );
      1   19008
      1   19009         total = ber_pvt_ber_total( ber );
      1   19010
      1   19011 #define EXBUFSIZ        1000
      1   19012         total += len < EXBUFSIZ ? EXBUFSIZ : len;
      1   19013
      1   19014         oldbuf = ber->ber_buf;
      1   19015
      1   19016         ber->ber_buf = (char *) LBER_REALLOC( oldbuf, total
);
      1   19017
      2   19018         if ( ber->ber_buf == NULL ) {
      2   19019                 ber->ber_buf = oldbuf;
      2   19020                 return( -1 );
      1   19021         }
      1   19022
      1   19023         ber->ber_end = ber->ber_buf + total;
      1   19024
      1   19025         /*
      1   19026          * If the stinking thing was moved, we need to go
through and
      1   19027          * reset all the sos and ber pointers.  Offsets
would've been
      1   19028          * a better idea... oh well.
      1   19029          */
      1   19030
      2   19031         if ( ber->ber_buf != oldbuf ) {
      2   19032                 ber->ber_ptr = ber->ber_buf + (ber->ber_ptr
- oldbuf);
      2   19033
      3   19034                 for ( s = ber->ber_sos; s != NULL; s =
s->sos_next ) {
      3   19035                         off = s->sos_first - oldbuf;
      3   19036                         s->sos_first = ber->ber_buf + off;
      3   19037
      3   19038                         off = s->sos_ptr - oldbuf;
      3   19039                         s->sos_ptr = ber->ber_buf + off;
      2   19040                 }
      1   19041         }
      1   19042
      1   19043         return( 0 );
      1   19044 }

More specifically at the line 19035. Can anybody tell why this might be? The
calling function is a modified send_ldap_result.

    l_res_tag = liw_req2res( pi_tag );

    l_res_msgid = (l_res_tag != LBER_SEQUENCE) ? pi_msgid : 0;

    l_ber_elem = ber_alloc_t( LBER_USE_DER );

    if ( l_ber_elem == NULL )
    {
        return LIW_NOSUCCESS;
    }

    l_ret_val = ber_printf( l_ber_elem,
                            "{it{ess",
                            l_res_msgid,
                            l_res_tag,
                            pi_err,
                            "",
                            pi_res_text == NULL ? "" : pi_res_text );
...
...
...
...

Stack dump is as follows:

%SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual
address=000000000000000E, PC=00000000000462A0, PS=0000001B
%TRACE-F-TRACEBACK, symbolic stack dump follows
  image    module    routine             		line      rel PC
abs PC
 LIW  LIW_LBER_IO  ber_realloc          		19035
00000000000006D0 00000000000462A0
 LIW  LIW_LBER_IO  ber_write            		18981
000000000000045C 000000000004602C
 LIW  LIW_LBER_ENCODE  ber_put_tag      	17872 00000000000001A4
000000000004DBB4
 LIW  LIW_LBER_ENCODE  ber_put_int_or_enum
                                        			18006
0000000000000558 000000000004DF68
 LIW  LIW_LBER_ENCODE  ber_printf       	18517 0000000000001E58
000000000004F868
 LIW  LIW_SLAPD_LIB  liw_send_ldap_result	14163 000000000000050C
000000000004574C
 LIW  LIW_SLAPD_LIB  liw_handle_ldap_request	14048 0000000000000278
00000000000454B8

Thanks,

James.