bdb_filter_candidates() coredump (ITS#2596)
Full_Name: Hallvard B Furuseth
Version: HEAD
OS: Solaris
URL:
Submission from: (NULL) (129.240.186.42)
Submitted by: hallvard
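Coredump in debug output of malloced but uninitialized ids. Slapd was
linked with the dmalloc library, where malloc() fills the new memory
with byte 0xda. tmp[] and ids[] in bdb_filter_candidates() contain
such uninitialized memory, so the Debug() call at filterindex.c:215
reads ids[0] = 0xdadadada as if it were a valid ID list header;
BDB_IDL_LAST( ids ) presumably uses that value as an index into ids[]
and faults on the out-of-bounds read.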
I have saved the core file for the time being.
bash$ gdb ../servers/slapd/slapd core
Core was generated by `../servers/slapd/slapd -s0 -f ./test-db/slapd.conf -h
ldap://localhost:9009/ -d'.
#0 0x000898e0 in bdb_filter_candidates (op=0xa20408, f=0xf8741568,
ids=0xec0008, tmp=0xe40008, stack=0xf40008) at filterindex.c:215
215 (long) BDB_IDL_LAST( ids ) );
(gdb) list
210 #else
211 Debug( LDAP_DEBUG_FILTER,
212 "<= bdb_filter_candidates: id=%ld first=%ld last=%ld\n",
213 (long) ids[0],
214 (long) BDB_IDL_FIRST( ids ),
215 (long) BDB_IDL_LAST( ids ) );
216 #endif
217
218 return rc;
219 }
(gdb) bt
#0 0x000898e0 in bdb_filter_candidates (op=0xa20408, f=0xf8741568,
ids=0xec0008, tmp=0xe40008, stack=0xf40008) at filterindex.c:215
#1 0x00089a08 in list_candidates (op=0xa20408, flist=0xf8741558, ftype=160,
ids=0xf8781760, tmp=0xe40008, save=0xec0008) at filterindex.c:245
#2 0x00089824 in bdb_filter_candidates (op=0xa20408, f=0xf8741588,
ids=0xf8781760, tmp=0xe40008, stack=0xec0008) at filterindex.c:189
#3 0x00075a4c in search_candidates (stackop=0x0, op=0xa20408, rs=0xf8801ad8,
e=0xf8741738, locker=41, ids=0xf8781760, scopes=0xf8741760)
at search.c:1603
#4 0x0007439c in bdb_do_search (op=0xa20408, rs=0xf8801ad8, sop=0xa20408,
ps_e=0x0, ps_type=0) at search.c:724
#5 0x00073948 in bdb_search (op=0xa20408, rs=0xf8801ad8) at search.c:357
#6 0x0003737c in do_search (op=0xa20408, rs=0xf8801ad8) at search.c:395
#7 0x00035384 in connection_operation (ctx=0xf8801b80, arg_v=0xa20408)
at connection.c:978
#8 0x000a8748 in ldap_int_thread_pool_wrapper (xpool=0x227a88) at tpool.c:463
(gdb) print ids
$1 = (ID *) 0xec0008
(gdb) set radix 16
Input and output radices now set to decimal 16, hex 10, octal 20.
(gdb) print ids[0]
$3 = 0xdadadada
(gdb) print ids[1]
$4 = 0xdadadada
(gdb) print rc
$5 = 0x16
(gdb) print *f
$6 = {f_choice = 0xa1, f_un = {f_un_result = 0xf8741578, f_un_dn = 0xf8741578,
f_un_desc = 0xf8741578, f_un_ava = 0xf8741578, f_un_ssa = 0xf8741578,
f_un_mra = 0xf8741578, f_un_complex = 0xf8741578}, f_next = 0x0}
(gdb) print *op
$7 = {o_opid = 0x1, o_connid = 0xb, o_conn = 0x2d58f8, o_bd = 0x296008,
o_msgid = 0x2, o_protocol = 0x3, o_tag = 0x63, o_time = 0x3eebb8d1,
o_req_dn = {bv_len = 0x1d,
bv_val = 0xd3e0f4 "o=University of Michigan,c=US"}, o_req_ndn = {
bv_len = 0x1d, bv_val = 0xd3e154 "o=university of michigan,c=us"},
o_request = {oq_add = {rs_e = 0x2}, oq_bind = {rb_method = 0x2, rb_cred = {
bv_len = 0x0, bv_val = 0x1f4 <Address 0x1f4 out of bounds>}, rb_edn = {
bv_len = 0xe10, bv_val = 0x0}, rb_ssf = 0xd3e21c}, oq_compare = {
rs_ava = 0x2}, oq_modify = {rs_modlist = 0x2}, oq_modrdn = {rs_newrdn = {
bv_len = 0x2, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0x1f4,
bv_val = 0xe10 <Address 0xe10 out of bounds>}, rs_newSup = 0x0,
rs_nnewSup = 0xd3e21c, rs_deleteoldrdn = 0xd3e1ac}, oq_search = {
rs_scope = 0x2, rs_deref = 0x0, rs_slimit = 0x1f4, rs_tlimit = 0xe10,
rs_attrsonly = 0x0, rs_attrs = 0xd3e21c, rs_filter = 0xd3e1ac,
rs_filterstr = {bv_len = 0x17,
bv_val = 0xd3e1fc "(cn=alumni assoc staff)"}}, oq_abandon = {
rs_msgid = 0x2}, oq_cancel = {rs_msgid = 0x2}, oq_extended = {
rs_reqoid = {bv_len = 0x2, bv_val = 0x0}, rs_reqdata = 0x1f4}},
o_tid = 0x0, o_abandon = 0x0, o_cancel = 0x0, o_do_not_cache = 0x0,
o_is_auth_check = 0x0, o_managedsait = 0x0, o_noop = 0x0,
o_proxy_authz = 0x0, o_subentries = 0x0, o_subentries_visibility = 0x0,
o_assert = 0x0, o_valuesreturnfilter = 0x0, o_permissive_modify = 0x0,
o_domain_scope = 0x0, o_pagedresults = 0x0, o_pagedresults_size = 0x0,
o_pagedresults_state = {ps_be = 0x0, ps_cookie = 0x0, ps_id = 0x0},
o_sync = 0x0, o_sync_mode = 0x0, o_sync_state = {bv_len = 0x0,
bv_val = 0x0}, o_ps_protocol = 0x0, o_ps_entries = 0x0, o_ps_link = {
le_next = 0x0, le_prev = 0x0}, o_pm_list = {lh_first = 0x0}, o_authz = {
sai_method = 0x0, sai_mech = {bv_len = 0x0, bv_val = 0x0}, sai_dn = {
bv_len = 0x0, bv_val = 0x0}, sai_ndn = {bv_len = 0x0, bv_val = 0x0},
sai_ssf = 0x0, sai_transport_ssf = 0x0, sai_tls_ssf = 0x0,
sai_sasl_ssf = 0x0}, o_ber = 0xa2be48, o_callback = 0x0, o_ctrls = 0x0,
o_threadctx = 0xf8801b80, o_tmpmemctx = 0xa22788, o_tmpmfuncs = 0x1aa8e8,
o_private = 0x0, o_next = {stqe_next = 0x0}, o_assertion = 0x0,
o_vrFilter = 0x0, o_caching_on = 0x0}
(gdb) print tmp
$8 = (ID *) 0xe40008
(gdb) print tmp[0]
$9 = 0xdadadada
(gdb) print tmp[1]
$10 = 0xdadadada
(gdb) print stack
$11 = (ID *) 0xf40008
(gdb) print stack[0]
$12 = 0xffffffff
(gdb) print stack[1]
$13 = 0x1