
slapd crashes (ITS#1541)



Full_Name: Zdenek Pavlas
Version: openldap-2.0.21
OS: FreeBSD 4.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.149.103.141)


I can reproduce the following slapd crash (*** being a valid DN I don't want to show).
There are about 20 records below the base DN, and the modifyTimestamp attr has no indices.
Same results also on other systems running Debian.

slapd log:
...
conn=106 op=13 SRCH base="***" scope=1 filter="(modifyTimestamp>=20011105173827Z)"
Segmentation fault

$ gdb -c slapd.core -f slapd
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `slapd'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libgdbm.so.2...done.
Reading symbols from /usr/lib/libfetch.so.2...done.
Reading symbols from /usr/lib/libcom_err.so.2...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/lib/libc_r.so.4...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x28153e94 in strcasecmp () from /usr/lib/libc_r.so.4
(gdb) bt
#0  0x28153e94 in strcasecmp () from /usr/lib/libc_r.so.4
#1  0x8072e76 in ainfo_type_cmp (desc=0xf <Address 0xf out of bounds>,
    a=0x8125820) at attr.c:42
#2  0x807cbf3 in avl_find (root=0x8125950, data=0xf,
    fcmp=0x8072e60 <ainfo_type_cmp>) at avl.c:634   
#3  0x8072eb4 in attr_mask (li=0x80f4000, 
    desc=0xf <Address 0xf out of bounds>, indexmask=0x855ac28) at attr.c:71
#4  0x807b06a in index_mask (be=0x80ec480, desc=0x92b21e0, dbname=0x855ac54,
    atname=0x855ac58) at index.c:40
#5  0x807b126 in index_param (be=0x80ec480, desc=0x92b21e0, ftype=135,
    dbnamep=0x855acb0, maskp=0x855acb4, prefixp=0x855acb8) at index.c:87
#6  0x8077a8d in presence_candidates (be=0x80ec480, desc=0x92b21e0)
    at filterindex.c:141
#7  0x8077848 in filter_candidates (be=0x80ec480, f=0x92b20e0)
    at filterindex.c:89
#8  0x8078521 in list_candidates (be=0x80ec480, flist=0x855ae08, ftype=161)
    at filterindex.c:464
#9  0x8077959 in filter_candidates (be=0x80ec480, f=0x855adf0)
    at filterindex.c:104
#10 0x8078521 in list_candidates (be=0x80ec480, flist=0x855ae14, ftype=160)
    at filterindex.c:464
#11 0x80778fd in filter_candidates (be=0x80ec480, f=0x855ae20)
    at filterindex.c:99
#12 0x807173a in search_candidates (be=0x80ec480, e=0x80f3440,
    filter=0x92b20e0, scope=1, deref=0, manageDSAit=0) at search.c:429
#13 0x8070f81 in ldbm_back_search (be=0x80ec480, conn=0x812e5c4, op=0x8f78280,
    base=0x9310500 "***", nbase=0x9310540 "***", scope=1,
    deref=0, slimit=0, tlimit=0, filter=0x92b20e0, 
    filterstr=0x93105c0 "(modifyTimestamp>=20020115103250Z)", attrs=0x92d4ec0, 
    attrsonly=0) at search.c:142
#14 0x804faea in do_search (conn=0x812e5c4, op=0x8f78280) at search.c:278
#15 0x804e8d4 in connection_operation (arg_v=0x812d490) at connection.c:831
#16 0x808272e in ldap_int_thread_pool_wrapper (pool=0x80ed1c0) at tpool.c:379
#17 0x281039ab in _thread_start () from /usr/lib/libc_r.so.4
#18 0x0 in ?? ()