Full_Name: Jonathan Clarke Version: 2.3.35 OS: Linux (ubuntu) URL: Submission from: (NULL) (213.41.243.192) When trying a modify operation (such as changing or adding a value of an attribute) with the NOOP control (set to critical) on an entry stored in a BDB backend, slapd crashes, with the following error: *** glibc detected *** ./servers/slapd/slapd: munmap_chunk(): invalid pointer: 0x0821e235 *** ======= Backtrace: ========= [...] ======= Memory map: ======== [...] Abandon (core dumped) This only happens for operations that should succeed (ie, should return the NOOP error code LDAP_X_NO_OPERATION). Operations which fail for other reasons (refused by ACLs, schema error, etc) do not make slapd crash. I have tested this on versions 2.3.32, 2.3.34, 2.3.35 and HEAD (as of today). The crash only happens with the BDB backend (I tested slapd with a ldap backend which only made the remote slapd with a BDB backend crash, not the one with the ldap backend). After some investigation, I found that this crash results from a call to attrs_free() in servers/slapd/back-bdb/modify.c, after the "return_results" label. This seems to be a double free() problem. The following patch solved the problem for me on versions 2.3.32, 2.3.34, 2.3.35 and HEAD (as of today). With this patch, NOOP behaves as expected. The patch simply adds 2 lines copied from the error handling "if" higher up in the same function (bdb_modify). ---------------------BEGIN PATCH--------------------- --- modify.c.~1.124.2.16.~ 2007-01-02 22:44:00.000000000 +0100 +++ modify.c 2007-04-11 14:44:56.000000000 +0200 @@ -538,6 +538,8 @@ } else { rs->sr_err = LDAP_X_NO_OPERATION; ltid = NULL; + /* Only free attrs if they were dup'd. */ + if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL; goto return_results; } } else { ----------------------END PATCH---------------------- (sorry not to put this patch on an FTP site, but ftp.openldap.org complains with 452 Error writing file: No space left on device.) I, Jonathan Clarke, hereby place the preceding modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
changed notes changed state Open to Test moved from Incoming to Software Bugs
jclarke@linagora.com wrote: > When trying a modify operation (such as changing or adding a value of an > attribute) with the NOOP control (set to critical) on an entry stored in a BDB > backend, slapd crashes, with the following error: Thanks, applied to HEAD/re23. Please test and report. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati wrote: > jclarke@linagora.com wrote: > >> When trying a modify operation (such as changing or adding a value of an >> attribute) with the NOOP control (set to critical) on an entry stored in a BDB >> backend, slapd crashes, with the following error: > > Thanks, applied to HEAD/re23. Please test and report. p. Just tested HEAD and RE23, NOOP works great on all operations. Thanks! -- Jonathan Clarke Linagora - OSSA 27, rue de Berri 75008 Paris Tél. 01 58 18 68 28 Fax. 01 58 18 68 29
changed state Test to Closed
moved from Software Bugs to Archive.Software Bugs
fixed in HEAD/re23