Issue 7666 - segfault when searching regex minus than 3 characters over translucent
Summary: segfault when searching regex minus than 3 characters over translucent
Status: VERIFIED FEEDBACK
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-14 08:10 UTC by theju@yopmail.com
Modified: 2021-08-03 18:13 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description theju@yopmail.com 2013-08-14 08:10:33 UTC
Full_Name: Ju
Version: openldap-2.4.35
OS: debian 6.0.7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.49.133.163)


Server crash with a segfault error 4 in libc-2.11.3.so when searching with
expression like "(attr=*123*)" over translucent (minus than 3 characteres)

I have custom attributes providen by translucent : 

slapd.conf :
[...]
index Application  eq,pres,sub

overlay         translucent
translucent_no_glue off
translucent_strict off
translucent_local Application

[..]

Schema : 

attributetype ( 1.3.6.1.4.1.10000.13.2.20
        NAME 'Application'
        DESC 'Acces sur les application'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )


ex :
ldapserch "(application=*1234*) -> OK
ldapserch "(application=*123*) -> Segfault
ldapserch "(application=*12*) -> Segfault
ldapserch "(application=*1*) -> Segfault


I'm I commited a misake or is there really a bug ? 

Thank you
Ju
Comment 1 Howard Chu 2013-08-14 10:59:18 UTC
theju@yopmail.com wrote:
> Full_Name: Ju
> Version: openldap-2.4.35
> OS: debian 6.0.7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (193.49.133.163)
>
>
> Server crash with a segfault error 4 in libc-2.11.3.so when searching with
> expression like "(attr=*123*)" over translucent (minus than 3 characteres)

Please provide the full stack trace from the crash.
http://www.openldap.org/faq/data/cache/59.html

I see no crash here, please provide a more complete slapd.conf and sample LDIF 
to reproduce the crash.

> I have custom attributes providen by translucent :
>
> slapd.conf :
> [...]
> index Application  eq,pres,sub
>
> overlay         translucent
> translucent_no_glue off
> translucent_strict off
> translucent_local Application
>
> [..]
>
> Schema :
>
> attributetype ( 1.3.6.1.4.1.10000.13.2.20
>          NAME 'Application'
>          DESC 'Acces sur les application'
>          EQUALITY caseIgnoreMatch
>          SUBSTR caseIgnoreSubstringsMatch
>          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
>
> ex :
> ldapserch "(application=*1234*) -> OK
> ldapserch "(application=*123*) -> Segfault
> ldapserch "(application=*12*) -> Segfault
> ldapserch "(application=*1*) -> Segfault
>
>
> I'm I commited a misake or is there really a bug ?
>
> Thank you
> Ju
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 2 theju ju 2013-08-14 12:08:14 UTC
Here is the stack:


gdb slapd
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/slapd...(no debugging symbols found)...done.

(gdb) run -d0
Starting program: /usr/sbin/slapd -d0
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffb1e4e700 (LWP 18590)]
[New Thread 0x7fffb164d700 (LWP 18592)]

--->>> search ldap here


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffb164d700 (LWP 18592)]
0x00007ffff678d0bc in ?? () from /lib/libc.so.6
(gdb) bt full
#0  0x00007ffff678d0bc in ?? () from /lib/libc.so.6
No symbol table info available.
#1  0x00000000005720a1 in ?? ()
No symbol table info available.
#2  0x00000000004dae90 in ?? ()
No symbol table info available.
#3  0x00000000004db460 in ?? ()
No symbol table info available.
#4  0x000000000049b274 in ?? ()
No symbol table info available.
#5  0x0000000000489077 in ?? ()
No symbol table info available.
#6  0x000000000055f546 in ?? ()
No symbol table info available.
#7  0x0000000000488f8a in ?? ()
No symbol table info available.
#8  0x0000000000489a57 in ?? ()
No symbol table info available.
#9  0x0000000000424151 in ?? ()
No symbol table info available.
#10 0x000000000042497c in ?? ()
No symbol table info available.
#11 0x0000000000421eb9 in ?? ()
No symbol table info available.
#12 0x00000000004226a5 in ?? ()
No symbol table info available.
#13 0x0000000000576780 in ?? ()
No symbol table info available.
#14 0x00007ffff784f8ca in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#15 0x00007ffff6754b6d in clone () from /lib/libc.so.6
No symbol table info available.
#16 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)


(gdb) thread apply all bt

Thread 3 (Thread 0x7fffb164d700 (LWP 18592)):
#0  0x00007ffff678d0bc in ?? () from /lib/libc.so.6
#1  0x00000000005720a1 in ?? ()
#2  0x00000000004dae90 in ?? ()
#3  0x00000000004db460 in ?? ()
#4  0x000000000049b274 in ?? ()
#5  0x0000000000489077 in ?? ()
#6  0x000000000055f546 in ?? ()
#7  0x0000000000488f8a in ?? ()
#8  0x0000000000489a57 in ?? ()
#9  0x0000000000424151 in ?? ()
#10 0x000000000042497c in ?? ()
#11 0x0000000000421eb9 in ?? ()
#12 0x00000000004226a5 in ?? ()
#13 0x0000000000576780 in ?? ()
#14 0x00007ffff784f8ca in start_thread () from /lib/libpthread.so.0
#15 0x00007ffff6754b6d in clone () from /lib/libc.so.6
#16 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fffb1e4e700 (LWP 18590)):
#0  0x00007ffff6755163 in epoll_wait () from /lib/libc.so.6
#1  0x000000000041f1ea in ?? ()
#2  0x00007ffff784f8ca in start_thread () from /lib/libpthread.so.0
#3  0x00007ffff6754b6d in clone () from /lib/libc.so.6
#4  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7ffff7fef700 (LWP 18587)):
#0  0x00007ffff7850c75 in pthread_join () from /lib/libpthread.so.0
#1  0x000000000041c5d9 in ?? ()
#2  0x0000000000408d6b in ?? ()
#3  0x00007ffff66a3c8d in __libc_start_main () from /lib/libc.so.6
#4  0x00000000004075f9 in ?? ()
#5  0x00007fffffffe8b8 in ?? ()
#6  0x000000000000001c in ?? ()
#7  0x0000000000000002 in ?? ()
#8  0x00007fffffffeb01 in ?? ()
#9  0x00007fffffffeb11 in ?? ()
#10 0x0000000000000000 in ?? ()
Comment 3 Howard Chu 2013-08-14 12:19:24 UTC
theju3434@gmail.com wrote:
> --047d7b34397049627604e3e73688
> Content-Type: text/plain; charset=ISO-8859-1
>
> Here is the stack:
>
>
> gdb slapd
> GNU gdb (GDB) 7.0.1-debian
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/sbin/slapd...(no debugging symbols found)...done.

This trace is useless since it doesn't have any symbols. Please reread the FAQ 
article in my previous reply.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 4 theju ju 2013-08-14 12:22:09 UTC
# schema.perso/c.schema

attributetype ( 1.3.6.1.4.1.10000.13.2.20
        NAME 'Application'
        DESC 'Acces sur les application'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass (  1.3.6.1.4.1.10013.2.2.1.0.0
        NAME 'cPerson'
        SUP 'inetOrgPerson'
        STRUCTURAL
        MUST (  uid )
        MAY ( Application) )



#slapd.conf

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema.perso/c.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel      2

allow bind_v2

# The maximum number of entries that is returned for a search operation
sizelimit       500000

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads    1


database        bdb

# The base of your directory in database #1
suffix          "ou=People,dc=c,dc=fr"

# rootdn directive for specifying a superuser on the database. This is
needed
# for syncrepl.
rootdn          "cn=admin,ou=People,dc=c,dc=fr"
rootpw          "password"


# Where the database file are physically stored for database #1
directory       "/var/lib/ldap-people"

dbconfig set_cachesize 0 536870912 0
dbconfig set_flags    DB_LOG_AUTOREMOVE
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500


index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uid                               eq,pres
index Application                eq,pres,sub


overlay         translucent

# on demande que les resultats des 2 annuaires soient mergés
translucent_no_glue off
translucent_strict off

#liste des attribut a chercher sur l'overlay
translucent_local Application
#liste des attributs a chercher sur le master
translucent_remote
sn,GivenName,mail,street,Postalcode,l,uid,facsimileTelephoneNumber

#activation du bind local
translucent_bind_local on

# activation de la possibilité de changer le mot de passe
translucent_pwmod_local on

uri             ldap://ldapr.c.fr
lastmod         off
acl-bind        binddn="cn=admin,ou=People,dc=c,dc=fr"
credentials="password"

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,ou=People,dc=c,dc=fr" write
        by anonymous auth
        by self write
        by * none

access to dn.base=""
        by * read


Ex user :

dn: uid=w.k.1,ou=c,ou=People,dc=c,dc=fr
displayName: K W
givenName: W
postalCode: 44095
objectClass: cPerson
uid: w.k.1
mail: w.k@mail.fr
cn: K W
telephoneNumber: 06 06 06 06 06
o: C
l: MON
sn: KNAP
Application: contrat:ABC221:082534


2013/8/14 Howard Chu <hyc@symas.com>

> theju3434@gmail.com wrote:
>
>> --047d7b34397049627604e3e73688
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>>
>> Here is the stack:
>>
>>
>> gdb slapd
>> GNU gdb (GDB) 7.0.1-debian
>> Copyright (C) 2009 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.*
>> *html <http://gnu.org/licenses/gpl.html>
>>
>>>
>>>  This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "x86_64-linux-gnu".
>> For bug reporting instructions, please see:
>> <http://www.gnu.org/software/**gdb/bugs/<http://www.gnu.org/software/gdb/bugs/>
>> >...
>> Reading symbols from /usr/sbin/slapd...(no debugging symbols
>> found)...done.
>>
>
> This trace is useless since it doesn't have any symbols. Please reread the
> FAQ article in my previous reply.
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/**project/<http://www.openldap.org/project/>
>
Comment 5 theju ju 2013-08-14 12:36:52 UTC
Sorry,

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffb164d700 (LWP 18682)]
0x00007ffff678d0bc in ?? () from /lib/libc.so.6
(gdb)  bt full
#0  0x00007ffff678d0bc in ?? () from /lib/libc.so.6
No symbol table info available.
#1  0x00000000005720a1 in avl_find (root=0xd13ea0, data=0x7fffb14cb0a0,
fcmp=0x4da000 <bdb_rdn_cmp>) at avl.c:545
        cmp = <value optimized out>
#2  0x00000000004dae90 in bdb_cache_find_ndn (op=<value optimized out>,
txn=<value optimized out>, ndn=0xb3cda0, res=0x7fffb164b5e8) at cache.c:443
        bdb = 0x97bf20
        ei = {bei_parent = 0x97bfa0, bei_id = 140736167981340, bei_lockpad
= -20208, bei_state = -20148, bei_finders = 32767, bei_nrdn = {bv_len = 23,
            bv_val = 0x1b <Address 0x1b out of bounds>}, bei_e = 0x0,
bei_kids = 0x0, bei_kids_mutex = {__data = {__lock = 270, __count = 0,
__owner = 16, __nusers = 0,
              __kind = -1320374016, __spins = 32767, __list = {__prev =
0x7fffb14cb102, __next = 0x0}},
            __size =
"\016\001\000\000\000\000\000\000\020\000\000\000\000\000\000\000\000\261L\261\377\177\000\000\002\261L\261\377\177\000\000\000\000\000\000\000\000\000",

            __align = 270}, bei_lrunext = 0x633d646975330000, bei_lruprev =
0x69622e657269616c}
        eip = 0x97bfa0
        ei2 = 0xa5eda0
        rc = <value optimized out>
        ptr = 0x1b <Address 0x1b out of bounds>
#3  0x00000000004db460 in bdb_cache_find_id (op=0xa652f0, tid=<value
optimized out>, id=<value optimized out>, eip=0x7fffb164b5e8, flag=2,
lock=0x7fffb164b570) at cache.c:923
        bdb = 0x97bf20
        ep = 0xb3cd88
        rc = <value optimized out>
        load = <value optimized out>
        ei = {bei_parent = 0x0, bei_id = 1331, bei_lockpad = 0, bei_state =
0, bei_finders = 0, bei_nrdn = {bv_len = 0, bv_val = 0x0}, bei_e = 0x0,
bei_kids = 0x0, bei_kids_mutex = {
            __data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0,
__kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size =
'\000' <repeats 39 times>,
            __align = 0}, bei_lrunext = 0x0, bei_lruprev = 0x0}
#4  0x000000000049b274 in bdb_search (op=0xa652f0, rs=0x7fffb164ca40) at
search.c:737
        scopeok = <value optimized out>
        bdb = 0x97bf20
        id = <value optimized out>
        cursor = 1331
        lastid = 18446744073709551615
        candidates = {18446744073709551615, 1, 1358, 96, 130, 225, 243,
267, 305, 325, 402, 420, 430, 464, 494, 518, 585, 606, 683, 762, 774, 854,
904, 1006, 1010,
          0 <repeats 131047 times>}
        scopes = {0 <repeats 64885 times>, 112, 0, 140737330949800, 0, 96,
30064771072, 140737330949744, 144, 30064771072, 0, 96, 140737330949696, 96,
140736169549664,
          140736169549856, 18678, 140737327905904, 0, 96, 140736169554240,
140736169554064, 140736169549664, 140737328407145, 8589950976, 33022,
4857321309812969474, 140736169549712,
          0, 0, 4295000064, 0, 72057594037927936, 140736169549760, 0,
140737328406892, 8589940736, 0, 10485842016695418880, 140736169549808, 0,
0, 4294969344, 0, 72058143793676288,
          0, 0, 140737328406892, 562962838323220, 80222775637897,
4294967296, 65556, 0, 1688935776387072, 18446744073709551615,
2044404433372, 563035852767296, 80222775637897,
          12842975242, 141828410114068, 18398981297188896768,
1688936890543102, 18446744073709551615, 2065879269857, 0 <repeats 265
times>, 140737346106200, 0, 0, 24,
          140737346106200, 140736169552160, 0, 24, 140736169552272,
140736169552192, 0, 0, 0, 2050, 17, 1, 5909838, 0, 13733440, 17, 5910105, 0
<repeats 33 times>, 5709985,
          140736169555760, 140736169560672, 140736169555920, 4603268,
12663952, 4597084, 0 <repeats 19 times>, 5709985, 140736169555968,
140736169560672, 140736169556192, 4603268,
          140736169556112, 4597084, 140736169556144, 4603268,
140736169556120, 4597084, 0, 5709985, 140736169556064, 140736169556224,
12663576, 4603268, 140736169556232, 4597084, 0,
          1, 5949064, 5949064, 0, 0, 0, 0, 140736169554320, 0, 5949054, 0,
140736169554752, 140736169554736, 7, 140736169555104, 140736169554752,
140737327689241, 140736169553280, 1,
          6046159, 6046159, 140736169554416, 18446744073709551615,
12664240, 140736169554280, 140736169554464, 0, 6046156, 0, 140736169554896,
140736169554880, 3, 140736169555248,
          140736169554896, 140737327689241, 140736169553424, 2, 5948970,
5948970, 140733193388032, 18446744069414584320, 115, 140736169554424,
140736169554608, 0, 5948966, 0, 0,
          140736169554716...}
        e = 0xb3cd88
        base = {e_id = 1, e_name = {bv_len = 140736169554992, bv_val =
0xa64a9a ""}, e_nname = {bv_len = 23, bv_val = 0xd18db0
"ou=people,dc=c,dc=fr"}, e_attrs = 0x7ffff69e2e40,
          e_ocflags = 0, e_bv = {bv_len = 10898074, bv_val = 0xa64aa0 ""},
e_private = 0xa659c0}
        e_root = <value optimized out>
        matched = 0x0
        ei = 0x0
        realbase = {bv_len = 23, bv_val = 0xd18db0 "ou=people,dc=c,dc=fr"}
        mask = <value optimized out>
        manageDSAit = <value optimized out>
        tentries = 1358
        nentries = <value optimized out>
        idflag = 2
        lock = {off = 0, ndx = 270, gen = 248, mode = DB_LOCK_READ}
        opinfo = 0x0
        ltid = 0xa658b0
        oex = <value optimized out>
#5  0x0000000000489077 in overlay_op_walk (op=0xa652f0, rs=0x7fffb164ca40,
which=<value optimized out>, oi=0x9b99a0, on=0x0) at backover.c:671
        rc = 32768
#6  0x000000000055f546 in translucent_search (op=0xa652f0,
rs=0x7fffb164ca40) at translucent.c:1122
        on = 0x9b9b80
        ov = 0x9b9d60
        cb = {sc_next = 0x7fffb164b930, sc_response = 0x55f680
<translucent_search_cb>, sc_cleanup = 0, sc_private = 0x7fffb164b6c0}
        tc = {db = 0x7fffb164b7a0, on = 0x9b9b80, orig = 0xc13ce8, list =
0x0, step = 1, slimit = 500000, attrs = 0x0}
        fl = 0xc13da0
        fr = 0x0
        rc = 0
#7  0x0000000000488f8a in overlay_op_walk (op=0xa652f0, rs=0x7fffb164ca40,
which=<value optimized out>, oi=0x9b99a0, on=0x9b9b80) at backover.c:661
        rc = -1318794336
#8  0x0000000000489a57 in over_op_func (op=0xa652f0, rs=0x1b, which=23) at
backover.c:723
        oi = 0x48fa
        on = 0x97bfd8
        be = 0x97bd80
        db = {bd_info = 0x844bc0, bd_self = 0x97bd80, be_ctrls =
"\000\000\000\001\001\001\000\001\000\000\001\000\000\001\001\000\001",
'\000' <repeats 15 times>, "\001",
          be_flags = 2315, be_restrictops = 0, be_requires = 0, be_ssf_set
= {sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0,
sss_update_ssf = 0, sss_update_transport = 0,
            sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0},
be_suffix = 0x97d380, be_nsuffix = 0x97d4b0, be_schemadn = {bv_len = 0,
bv_val = 0x0}, be_schemandn = {
            bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 32, bv_val =
0x97d5c0 "cn=admin,ou=People,dc=c,dc=fr"}, be_rootndn = {bv_len = 32,
            bv_val = 0x97d610 "cn=admin,ou=people,dc=c,dc=fr"}, be_rootpw =
{bv_len = 9, bv_val = 0x97d460 "password"}, be_max_deref_depth = 15,
be_def_limit = {
            lms_t_soft = 3600, lms_t_hard = 0, lms_s_soft = 500000,
lms_s_hard = 0, lms_s_unchecked = -1, lms_s_pr = 0, lms_s_pr_hide = 0,
lms_s_pr_total = 0}, be_limits = 0x0,
          be_acl = 0x9bc820, be_dfltaccess = ACL_READ, be_extra_anlist =
0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0,
be_pending_csn_list = 0xa5b830,
          be_pcl_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next =
0x0}},
            __size = '\000' <repeats 39 times>, __align = 0}, be_syncinfo =
0x0, be_pb = 0x0, be_cf_ocs = 0x849580, be_private = 0x97bf20, be_next =
{stqe_next = 0x9bd7c0}}
        cb = {sc_next = 0x0, sc_response = 0x488d00 <over_back_response>,
sc_cleanup = 0, sc_private = 0x9b99a0}
        sc = <value optimized out>
        rc = 27
        __PRETTY_FUNCTION__ = "over_op_func"
#9  0x0000000000424151 in fe_op_search (op=0xa652f0, rs=0x7fffb164ca40) at
search.c:402
        bd = 0x851ca0
#10 0x000000000042497c in do_search (op=0xa652f0, rs=0x7fffb164ca40) at
search.c:247
        base = {bv_len = 23, bv_val = 0xd1bef7 "ou=People,dc=c,dc=fr"}
        siz = 0
        i = 140736169560992
#11 0x0000000000421eb9 in connection_operation (ctx=0x7fffb164cba0,
arg_v=<value optimized out>) at connection.c:1155
        rc = <value optimized out>
        cancel = <value optimized out>
        op = 0xa652f0
        rs = {sr_type = REP_SEARCH, sr_tag = 0, sr_msgid = 0, sr_err = 5,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un =
{sru_search = {r_entry = 0x0,
              r_attr_flags = 0, r_operational_attrs = 0x0, r_attrs = 0x0,
r_nentries = 4, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended
= {r_rspoid = 0x0,
              r_rspdata = 0x0}}, sr_flags = 0}
        tag = 99
        opidx = SLAP_OP_SEARCH
        conn = 0x7ffff7f3fed0
        memctx = 0xa64b10
        memctx_null = 0x0
        __PRETTY_FUNCTION__ = "connection_operation"
#12 0x00000000004226a5 in connection_read_thread (ctx=<value optimized
out>, argv=<value optimized out>) at connection.c:1291
        s = 17
#13 0x0000000000576780 in ldap_int_thread_pool_wrapper (xpool=<value
optimized out>) at tpool.c:688
        pool = 0x9259b0
        task = 0xa63430
        work_list = <value optimized out>
        ctx = {ltu_id = 140736169563904, ltu_key = {{ltk_key = 0x420bb0,
ltk_data = 0xa65740, ltk_free = 0x420c80 <conn_counter_destroy>}, {ltk_key
= 0x474e80, ltk_data = 0xa64b10,
              ltk_free = 0x474ea0 <slap_sl_mem_destroy>}, {ltk_key =
0x435150, ltk_data = 0x0, ltk_free = 0x434f30 <slap_op_q_destroy>},
{ltk_key = 0xa5b850, ltk_data = 0xa658b0,
              ltk_free = 0x4d9810 <bdb_reader_free>}, {ltk_key = 0x499860,
ltk_data = 0x7fffafe4c010, ltk_free = 0x499930 <search_stack_free>},
{ltk_key = 0x0, ltk_data = 0x0,
              ltk_free = 0} <repeats 24 times>, {ltk_key = 0x0, ltk_data =
0x7ffff7850927, ltk_free = 0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free =
0}, {ltk_key = 0x0,
              ltk_data = 0x0, ltk_free = 0}}}
        kctx = <value optimized out>
        keyslot = 74
        hash = <value optimized out>
        __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#14 0x00007ffff784f8ca in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#15 0x00007ffff6754b6d in clone () from /lib/libc.so.6
No symbol table info available.
#16 0x0000000000000000 in ?? ()
No symbol table info available.


Thank you
Ju
Comment 6 Howard Chu 2013-08-23 14:40:06 UTC
I tried to use your configuration to reproduce your error but saw no crash. 
Probably there are other elements of the configuration or test data missing, 
or the exact sequence of steps you followed is missing.

theju ju wrote:
> # schema.perso/c.schema
>
> attributetype ( 1.3.6.1.4.1.10000.13.2.20
>          NAME 'Application'
>          DESC 'Acces sur les application'
>          EQUALITY caseIgnoreMatch
>          SUBSTR caseIgnoreSubstringsMatch
>          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
> objectclass (  1.3.6.1.4.1.10013.2.2.1.0.0
>          NAME 'cPerson'
>          SUP 'inetOrgPerson'
>          STRUCTURAL
>          MUST (  uid )
>          MAY ( Application) )
>
>
>
> #slapd.conf
>
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema.perso/c.schema
>
> pidfile         /var/run/slapd/slapd.pid
> argsfile        /var/run/slapd/slapd.args
> loglevel      2
>
> allow bind_v2
>
> # The maximum number of entries that is returned for a search operation
> sizelimit       500000
>
> # The tool-threads parameter sets the actual amount of cpu's that is used
> # for indexing.
> tool-threads    1
>
>
> database        bdb
>
> # The base of your directory in database #1
> suffix          "ou=People,dc=c,dc=fr"
>
> # rootdn directive for specifying a superuser on the database. This is needed
> # for syncrepl.
> rootdn          "cn=admin,ou=People,dc=c,dc=fr"
> rootpw          "password"
>
>
> # Where the database file are physically stored for database #1
> directory       "/var/lib/ldap-people"
>
> dbconfig set_cachesize 0 536870912 0
> dbconfig set_flags    DB_LOG_AUTOREMOVE
> dbconfig set_lk_max_objects 1500
> dbconfig set_lk_max_locks 1500
> dbconfig set_lk_max_lockers 1500
>
>
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uid                               eq,pres
> index Application                eq,pres,sub
>
>
> overlay         translucent
>
> # on demande que les resultats des 2 annuaires soient mergés
> translucent_no_glue off
> translucent_strict off
>
> #liste des attribut a chercher sur l'overlay
> translucent_local Application
> #liste des attributs a chercher sur le master
> translucent_remote
> sn,GivenName,mail,street,Postalcode,l,uid,facsimileTelephoneNumber
>
> #activation du bind local
> translucent_bind_local on
>
> # activation de la possibilité de changer le mot de passe
> translucent_pwmod_local on
>
> uri             ldap://ldapr.c.fr <http://ldapr.c.fr>
> lastmod         off
> acl-bind        binddn="cn=admin,ou=People,dc=c,dc=fr" credentials="password"
>
> access to attrs=userPassword,shadowLastChange
>          by dn="cn=admin,ou=People,dc=c,dc=fr" write
>          by anonymous auth
>          by self write
>          by * none
>
> access to dn.base=""
>          by * read
>
>
> Ex user :
>
> dn: uid=w.k.1,ou=c,ou=People,dc=c,dc=fr
> displayName: K W
> givenName: W
> postalCode: 44095
> objectClass: cPerson
> uid: w.k.1
> mail: w.k@mail.fr <mailto:w.k@mail.fr>
> cn: K W
> telephoneNumber: 06 06 06 06 06
> o: C
> l: MON
> sn: KNAP
> Application: contrat:ABC221:082534

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 7 Howard Chu 2013-08-23 14:40:21 UTC
changed state Open to Feedback
Comment 8 OpenLDAP project 2017-04-13 20:20:55 UTC
Can't reproduce, no follow up providing more information
Comment 9 Quanah Gibson-Mount 2017-04-13 20:20:55 UTC
changed notes
moved from Incoming to Software Bugs