
slapd crashes updating contextCSN (ITS#2692)



Full_Name: Luke Howard
Version: HEAD
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.13.32.76)


slapd is crashing when trying to update the contextCSN attribute. FWIW, I'm
using back-hdb, not back-bdb. I haven't had a chance to look into this further -
interestingly it seems to disappear when run under valgrind - but given the data
is valid it would seem to suggest either a double free or memory being freed
that was allocated using a slapd memory context.

=> entry_encode(0x00000113): 
bdb_dn2entry("cn=ldapsync,dc=off,dc=padl,dc=com")

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 3076 (LWP 30560)]
0x402c3bce in free () from /lib/libc.so.6
(gdb) bt
#0  0x402c3bce in free () from /lib/libc.so.6
#1  0x402c3aa3 in free () from /lib/libc.so.6
#2  0x080fd7df in ber_memfree_x (p=0x82b7fb4, ctx=0x0) at memory.c:143
#3  0x080fe01d in ber_bvarray_free_x (a=0x82b7fb4, ctx=0x0) at memory.c:724
#4  0x080fe03b in ber_bvarray_free (a=0x82b7fb4) at memory.c:731
#5  0x0806d335 in attr_free (a=0x82b7fa0) at attr.c:28
#6  0x0806d909 in attr_delete (attrs=0x82b7e9c, desc=0x8162ba0) at attr.c:318
#7  0x080a63fd in hdb_modify (op=0x82918c0, rs=0xbf3ff8e4) at modify.c:611
#8  0x08076146 in do_modify (op=0x82918c0, rs=0xbf3ff8e4) at modify.c:486
#9  0x08066962 in connection_operation (ctx=0xbf3ff964, arg_v=0x82918c0) at connection.c:984
#10 0x080de720 in ldap_int_thread_pool_wrapper (xpool=0x81671a0) at tpool.c:463
#11 0x402470ba in pthread_start_thread () from /lib/libpthread.so.0
#12 0x40247101 in pthread_start_thread_event () from /lib/libpthread.so.0
(gdb) up 6
#6  0x0806d909 in attr_delete (attrs=0x82b7e9c, desc=0x8162ba0) at attr.c:318
318                             attr_free( save );
(gdb) up
#7  0x080a63fd in hdb_modify (op=0x82918c0, rs=0xbf3ff8e4) at modify.c:611
611                             attr_delete( &ctxcsn_e->e_attrs, slap_schema.si_ad_contextCSN );
(gdb)
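
Added example, not part of the original report and not OpenLDAP code: frame #2 above shows ber_memfree_x called with ctx=0x0 just before free() in libc, which is the path memory from a per-operation context must never take. The sketch below shows a free wrapper that checks the caller's allocator claim against the context's address range before releasing anything; mem_ctx, ctx_alloc, ctx_owns and checked_free are hypothetical names, and the context is assumed to be a simple bump allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-operation memory context: a bump allocator over one slab. */
typedef struct { unsigned char *base; size_t size, used; } mem_ctx;
typedef enum { FREED_HEAP, FREED_CTX, REJECTED_MISMATCH } free_result;

static int ctx_init(mem_ctx *c, size_t size) {
    c->base = malloc(size);
    c->size = size;
    c->used = 0;
    return c->base ? 0 : -1;
}

static void *ctx_alloc(mem_ctx *c, size_t n) {
    if (n > c->size) return NULL;            /* also guards the rounding below */
    n = (n + 15u) & ~(size_t)15u;            /* round up to 16 bytes */
    if (n > c->size - c->used) return NULL;  /* slab exhausted */
    void *p = c->base + c->used;
    c->used += n;
    return p;
}

/* Does p point inside the slab owned by c? */
static int ctx_owns(const mem_ctx *c, const void *p) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)c->base;
    return a >= b && a - b < c->size;
}

/* Free p with the allocator the caller names (ctx == NULL means libc heap),
 * but first check that claim against the live context's address range. */
static free_result checked_free(void *p, mem_ctx *ctx, const mem_ctx *live) {
    int in_slab = ctx_owns(live, p);
    if (in_slab != (ctx != NULL)) return REJECTED_MISMATCH;
    if (ctx == NULL) { free(p); return FREED_HEAP; }
    return FREED_CTX;   /* bump allocator: reclaimed when the slab is released */
}

int main(void) {
    mem_ctx op;
    if (ctx_init(&op, 256) != 0) return 1;
    void *vals = ctx_alloc(&op, 32);   /* constructed sample allocation */
    /* Context memory released with ctx == NULL: caught before reaching free(). */
    printf("mismatch caught: %d\n", checked_free(vals, NULL, &op) == REJECTED_MISMATCH);
    free(op.base);
    return 0;
}
```

A check like this turns an allocator mismatch into a deterministic, reportable error at the call site instead of heap corruption that may only surface later or vanish under a different allocator.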