Running the test suite with `-fsanitize=address` picks up a bug in https://git.openldap.org/openldap/openldap/-/blob/860b61f41dfeeb19cc0eb011f290561c68a13de3/servers/slapd/overlays/dynlist.c#L1681. Here, op->o_bd->bd_info isn't actually dynlist but mdb's own static bi, so overlay_entry_get_ov then reaches into the void when reading on->on_info. It's very likely that other places/overlays share the same bug, as it is subtle and doesn't get picked up immediately (slap_overinst embeds a BackendInfo and oi_orig is not often set).
Trying to deal with this, dynlist is deeply married to using op->o_bd->bd_info in places that could be coming from a callback (dynlist_nested_member, ...). I can't see a clear way to disentangle this myself. Howard, do you want to take this on?
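The defect described above is a type confusion: an overlay instance embeds a BackendInfo as its first member, so any BackendInfo pointer can be cast to an overlay instance, but when a callback runs with op->o_bd->bd_info pointing at the backend's own static descriptor, the cast yields a pointer to memory that was never an overlay instance and the read of on->on_info goes out of bounds (which is what AddressSanitizer flagged). The following C program is an added, constructed toy model of that layout, not slapd's real headers or code: the struct names mirror the ones in the report, but the `bi_kind` tag, the `BI_BACKEND`/`BI_OVERLAY` values and every function here are assumptions introduced for illustration. It contrasts the unchecked cast with a variant that verifies the descriptor is an overlay before dereferencing through it.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for this example, not slapd's real definitions).
 * A backend descriptor carries a kind tag; an overlay instance embeds a
 * BackendInfo as its first member, so a BackendInfo* can be cast to an
 * slap_overinst*, which is the layout the report describes. */
enum bi_kind { BI_BACKEND = 1, BI_OVERLAY = 2 };

typedef struct BackendInfo {
    enum bi_kind bi_kind;   /* assumed tag: plain backend vs. overlay wrapper */
    const char  *bi_type;
} BackendInfo;

typedef struct slap_overinfo {
    const char *oi_name;    /* name of the overlay, e.g. "dynlist" */
} slap_overinfo;

typedef struct slap_overinst {
    BackendInfo    on_bi;   /* embedded first, enabling the cast */
    slap_overinfo *on_info; /* what overlay_entry_get_ov reads through */
} slap_overinst;

typedef struct BackendDB  { BackendInfo *bd_info; } BackendDB;
typedef struct Operation  { BackendDB   *o_bd;    } Operation;

/* Unsafe pattern from the report: assume op->o_bd->bd_info is our overlay.
 * If bd_info is a standalone BackendInfo (the database's static bi), the
 * access to on->on_info reads past the end of that object. */
static const char *unchecked_ov_name(Operation *op) {
    slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
    return on->on_info->oi_name;
}

/* Checked variant: verify the tag before casting; NULL means "not running
 * in an overlay context", so the caller must not touch overlay state. */
static const char *checked_ov_name(Operation *op) {
    BackendInfo *bi = op->o_bd->bd_info;
    if (bi == NULL || bi->bi_kind != BI_OVERLAY)
        return NULL;
    slap_overinst *on = (slap_overinst *)bi;
    return on->on_info->oi_name;
}

/* Constructed scenario 1: the callback fires with o_bd pointing straight at
 * the database layer, so bd_info is the backend's own static descriptor. */
static const char *name_from_backend_context(void) {
    static BackendInfo mdb_bi = { BI_BACKEND, "mdb" };
    BackendDB be = { &mdb_bi };
    Operation op = { &be };
    return checked_ov_name(&op);   /* NULL: refuses the bogus cast */
}

/* Constructed scenario 2: the operation really is inside the overlay. */
static const char *name_from_overlay_context(void) {
    static slap_overinfo oi = { "dynlist" };
    static slap_overinst on = { { BI_OVERLAY, "over" }, &oi };
    BackendDB be = { &on.on_bi };
    Operation op = { &be };
    return checked_ov_name(&op);   /* "dynlist" */
}

int main(void) {
    const char *a = name_from_backend_context();
    const char *b = name_from_overlay_context();
    printf("backend context -> %s\n", a ? a : "(not an overlay, skipped)");
    printf("overlay context -> %s\n", b);

    /* The unchecked variant is only safe in the overlay case; in the
     * backend case it would be the out-of-bounds read ASan reports. */
    static slap_overinfo oi = { "dynlist" };
    static slap_overinst on = { { BI_OVERLAY, "over" }, &oi };
    BackendDB be = { &on.on_bi };
    Operation op = { &be };
    printf("unchecked, overlay context -> %s\n", unchecked_ov_name(&op));
    return 0;
}
```

The point of the tagged check is not the specific tag (real slapd has no `bi_kind` field) but that code reached from a callback cannot assume which descriptor op->o_bd->bd_info refers to; whatever the real mechanism is for recognising an overlay-wrapped backend, the context must be verified or carried explicitly through the callback rather than recovered from the operation.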
https://git.openldap.org/openldap/openldap/-/merge_requests/667
head: • b3eab2ce by Howard Chu at 2024-01-10T19:33:38+00:00 ITS#10135 dynlist: fix search2resp callback context
RE26: • ffdd12f0 by Howard Chu at 2024-01-16T20:38:57+00:00 ITS#10135 dynlist: fix search2resp callback context
RE25: • a4026502 by Howard Chu at 2024-01-16T20:39:11+00:00 ITS#10135 dynlist: fix search2resp callback context
*** Issue 10044 has been marked as a duplicate of this issue. ***