OpenLDAP
Viewing Software Bugs/8760
From: github@nicwatson.org
Subject: LMDB: seg fault on opening a new database
Date: Mon, 23 Oct 2017 03:41:34 +0000
From: github@nicwatson.org
To: openldap-its@OpenLDAP.org
Subject: LMDB: seg fault on opening a new database
Full_Name: Nic Watson
Version: LMDB 0.9.21
OS: Ubuntu 16.04.3 LTS
URL: https://gist.github.com/jnwatson/86b43b0515fe552a087d741d4ab43922
Submission from: (NULL) (108.56.136.246)


See the URL for the minimal C program to reproduce the crash and the gdb
backtrace.

LMDB will seg fault in mdb_dbi_open when creating a new database if the
environment was opened read-only.

This was found trying to update py-lmdb from 0.9.19 to 0.9.21.  Two unit tests
crashed that didn't crash before, both on the same line in mdb.c.  The program
in the URL is derived from one of the tests.

The change was introduced in commit e8e82933.  In mdb.c, line 9772
(https://github.com/LMDB/lmdb/blob/LMDB_0.9.21/libraries/liblmdb/mdb.c#L9772)
the mdb_cursor_put was wrapped in the macro WITH_CURSOR_TRACKING.  In that
macro, the variable tp is assigned the address of an entry of the passed-in
cursor's transaction's mt_cursors array.  However, mt_cursors isn't initialized
in this case.
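
The failure mode described in the report above, as an added example that is not part of the original messages and is not LMDB source code: a simplified C model in which only write transactions get the cursor-tracking array, with a create path that returns an error before that array is touched. The struct layout, the names `tracked_put` and `dbi_open_checked`, the flag values and the choice of `EACCES` are all assumptions of the model.

```c
/* Constructed model for illustration; this is not LMDB source code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define TXN_RDONLY 0x1u /* stand-in for a read-only transaction */
#define DBI_CREATE 0x2u /* stand-in for MDB_CREATE */
#define MAX_DBS 4

struct cursor { struct cursor *next; unsigned dbi; };
struct txn {
    unsigned flags;
    struct cursor **cursors; /* models mt_cursors: one tracked list per DBI */
};

/* Assumption of the model: only write transactions get a tracking array. */
static int txn_begin(struct txn *t, unsigned flags) {
    t->flags = flags;
    t->cursors = NULL;
    if (!(flags & TXN_RDONLY))
        t->cursors = calloc(MAX_DBS, sizeof *t->cursors);
    return ((flags & TXN_RDONLY) || t->cursors) ? 0 : ENOMEM;
}
static void txn_end(struct txn *t) { free(t->cursors); t->cursors = NULL; }

/* Models a tracked put: link the cursor into its list, write, unlink. */
static int tracked_put(struct txn *t, struct cursor *c) {
    struct cursor **tp = &t->cursors[c->dbi]; /* bad address if cursors is NULL */
    c->next = *tp; *tp = c; /* track; this dereference is what faults */
    /* the write to the main database would happen here */
    *tp = c->next;          /* untrack */
    return 0;
}

/* Create path with the precondition checked before any tracking is touched. */
static int dbi_open_checked(struct txn *t, unsigned dbi, unsigned flags) {
    struct cursor c = { NULL, dbi };
    if (dbi >= MAX_DBS) return EINVAL;
    if (!(flags & DBI_CREATE)) return 0; /* lookup of an existing DB omitted */
    if ((t->flags & TXN_RDONLY) || !t->cursors) return EACCES;
    return tracked_put(t, &c);
}

int main(void) {
    struct txn ro, rw;
    if (txn_begin(&ro, TXN_RDONLY) || txn_begin(&rw, 0)) return 1;
    printf("read-only create: %d\n", dbi_open_checked(&ro, 0, DBI_CREATE));
    printf("writable create:  %d\n", dbi_open_checked(&rw, 0, DBI_CREATE));
    txn_end(&ro); txn_end(&rw);
    return 0;
}
```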

Followup 1

Subject: Re: (ITS#8760) LMDB: seg fault on opening a new database
To: github@nicwatson.org, openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Thu, 26 Oct 2017 18:12:46 +0100
github@nicwatson.org wrote:
> Full_Name: Nic Watson
> Version: LMDB 0.9.21
> OS: Ubuntu 16.04.3 LTS
> URL: https://gist.github.com/jnwatson/86b43b0515fe552a087d741d4ab43922
> Submission from: (NULL) (108.56.136.246)
> 
> 
> See the URL for the minimal C program to reproduce the crash and the gdb
> backtrace.
> 
> LMDB will seg fault in mdb_dbi_open when creating a new database if the
> environment was opened read-only.

Thanks for the report, but this doesn't seem like a bug. Trying to create 
something when the environment was opened read-only is clearly a misuse of the 
API, and SEGVs are expected when the API is misused.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

