
Re: Segfault with current on a search (ITS#451)



I'm debugging this same problem right now too. It has nothing to do with
GDBM, it is in the filter code. When you use a filter such as 

	sn=*adamson*

the get_substring_filter() function in servers/slapd/filter.c is
incorrectly duplicating the string in memory. The code looks like:

	case LDAP_SUBSTRING_ANY:
		Debug( LDAP_DEBUG_FILTER, "  ANY\n", 0, 0, 0 );
		charray_add( (char ***) &f->f_sub_any, (char *)val );

This means charray_add() will try to interpret *val as a string. But it's
not, it's a *berval, which has the "ber_len" field as the first field.
When you read that len as a string with strdup(), it is a 0 len string.

get_substring_filter() should not be using a string duplicator like
charray_add(), it should be using a *berval duplicator.


-Mark Adamson
 Carnegie Mellon University





> Here is the backtrace from gdb on the core file.
> GNU gdb 4.18
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/lib/libfetch.so.1...done.
> Reading symbols from /usr/lib/libcom_err.so.2...done.
> Reading symbols from /usr/lib/libcrypt.so.2...done.
> Reading symbols from /usr/lib/libutil.so.2...done.
> Reading symbols from /usr/lib/libc_r.so.3...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0  0x80697d7 in substring_comp_candidates (be=0x80c9400, type=0x80e4570
> "cn",
>     bv=0x80e45e0, prepost=0) at filterindex.c:361
> 361                             buf[i] = p[i];
> (gdb) where
> #0  0x80697d7 in substring_comp_candidates (be=0x80c9400, type=0x80e4570
> "cn",
>     bv=0x80e45e0, prepost=0) at filterindex.c:361
> #1  0x8069628 in substring_candidates (be=0x80c9400, f=0x80d2120)
>     at filterindex.c:291
> #2  0x8068e1e in filter_candidates (be=0x80c9400, f=0x80d2120)
>     at filterindex.c:72
> #3  0x806940d in list_candidates (be=0x80c9400, flist=0x80d2120,
> ftype=161)
>     at filterindex.c:219
> #4  0x8068ffd in filter_candidates (be=0x80c9400, f=0x80d20e0)
>     at filterindex.c:102
> #5  0x806940d in list_candidates (be=0x80c9400, flist=0x80d22e0,
> ftype=161)
>     at filterindex.c:219
> #6  0x8068ffd in filter_candidates (be=0x80c9400, f=0x80d22a0)
>     at filterindex.c:102
> #7  0x806940d in list_candidates (be=0x80c9400, flist=0x80d2320,
> ftype=160)
>     at filterindex.c:219
> #8  0x8068ffd in filter_candidates (be=0x80c9400, f=0x80d2300)
>     at filterindex.c:102
> #9  0x806463b in search_candidates (be=0x80c9400, e=0x80d2280,
>     filter=0x80d20e0, scope=2, deref=0, manageDSAit=0) at search.c:479
> #10 0x8063e45 in ldbm_back_search (be=0x80c9400, conn=0x80e54a4,
> op=0x80e0e80,
>     base=0x80e4550 "dc=NMSU,dc=Edu", nbase=0x80e4560 "DC=NMSU,DC=EDU",
>     scope=2, deref=0, slimit=100, tlimit=3600, filter=0x80d20e0,
>     filterstr=0x80d0040 "(|(cn=ian* logan*)(mail=IAN* LOGAN*)(sn=ian*
> logan*))"
>  attrs=0x80d0000, attrsonly=0) at search.c:135
> #11 0x804e5ef in do_search (conn=0x80e54a4, op=0x80e0e80) at
> search.c:227
> #12 0x804d6a5 in connection_operation (arg_v=0x80e4480) at
> connection.c:763
> #13 0x28112b3a in _thread_start () from /usr/lib/libc_r.so.3
> #14 0x0 in ?? ()
> 
> If there is any more info you need please let me know and I'll get it
> for you.
> Thanks for your help!
> Ian
> -- 
> Ian Logan
> Computing & Networking
> New Mexico State University
> Email: ian@nmsu.edu Phone: 505-646-6034 Fax: 505-646-5278
> 
>
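
The difference between a string duplicator and a berval duplicator, as described in the message above, shown as an added example that is not from the original post or the OpenLDAP source. `struct bv`, `len_seen_as_string`, `bv_dup` and `bvarray_add` are hypothetical names, and the struct is a stand-in that assumes only the length-first layout the post describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the berval described in the post: length first, then data.
 * The type and every function name here are assumptions of this example. */
struct bv { size_t len; char *val; };

/* What a string duplicator "sees" when handed a struct bv *: it walks the
 * bytes of the length field until the first NUL. Bounded so it is safe. */
size_t len_seen_as_string(const struct bv *b) {
    const char *p = (const char *)b;
    size_t n = 0;
    while (n < sizeof b->len && p[n] != '\0') n++;
    return n;
}

/* Deep copy that trusts len, not a terminator. Returns NULL on failure. */
struct bv *bv_dup(const struct bv *src) {
    struct bv *dst;
    /* Reject missing data and a len for which len + 1 would wrap. */
    if (src == NULL || src->val == NULL || src->len == (size_t)-1) return NULL;
    if ((dst = malloc(sizeof *dst)) == NULL) return NULL;
    if ((dst->val = malloc(src->len + 1)) == NULL) { free(dst); return NULL; }
    memcpy(dst->val, src->val, src->len);
    dst->val[src->len] = '\0';   /* convenience terminator, not counted */
    dst->len = src->len;
    return dst;
}

/* Append a copy of b to a NULL-terminated array. Returns new count, or -1. */
int bvarray_add(struct bv ***arr, const struct bv *b) {
    size_t n = 0;
    struct bv **grown, *copy = bv_dup(b);
    if (copy == NULL) return -1;
    while (*arr != NULL && (*arr)[n] != NULL) n++;
    grown = realloc(*arr, (n + 2) * sizeof *grown);
    if (grown == NULL) { free(copy->val); free(copy); return -1; }
    grown[n] = copy;
    grown[n + 1] = NULL;
    *arr = grown;
    return (int)(n + 1);
}

int main(void) {
    char data[] = "adamson";            /* constructed sample value */
    struct bv in = { 7, data }, **any = NULL;
    printf("string view: %zu byte(s)\n", len_seen_as_string(&in));
    printf("entries after add: %d\n", bvarray_add(&any, &in));
    return 0;
}
```

Because the copy is driven by the length field, a value with an embedded NUL byte is preserved in full, which a string duplicator would truncate even when given the right pointer.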