[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3404) sockber stack SEGVs

> RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/controls.c,v
> retrieving revision

Thanks for the patch; unfortunately, I'm still able to reproduce the above
trace (eg followup 2) with it applied. For completeness, I note that there
are some rui warnings on "from" (daemon.c:1612, 1665, 1721), then this one:

<rtc> Read from uninitialized (rui) on thread 3:
Attempting to read 1 byte at address 0x63f034
    which is 532 bytes into a heap block of size 1048576 bytes at 0x63ee20
This block was allocated from:
        [1] ber_memalloc_x() at line 232 in "memory.c"
        [2] ch_malloc() at 0x7fe38
        [3] sl_mem_create() at line 82 in "sl_malloc.c"
        [4] connection_operation() at line 1030 in "connection.c"
        [5] ldap_int_thread_pool_wrapper() at line 467 in "tpool.c"
        [6] _lwp_start() at 0xde1157b4
Location of error:
current thread: t@3
=>[1] sl_realloc(ptr = 0x63f02c, size = 16U, ctx = 0x61f2b0), line 206 in "sl_malloc.c"
  [2] get_ctrls(0x624248, 0xa7bffd58, 0x1, 0xa7bffcc8, 0x0, 0x624280), at 0x95c64
  [3] do_search(op = 0x624248, rs = 0xa7bffd58), line 196 in "search.c"
  [4] connection_operation(ctx = 0xa7bffe14, arg_v = 0x624248), line 1079 in "connection.c"
  [5] ldap_int_thread_pool_wrapper(xpool = 0x558d20), line 467 in "tpool.c"

Finally, one in parseLDAPsync (now controls.c:1397 with the four-line patch)
that is substantially similar to followup #2.

On a related topic, when I stress tested overnight, there was a warning
(of the same flavor) on
   [3] parseLDAPsync(op = 0x629ba0, rs = -1514144424, ctrl = 62014932), line 1414 in "controls.c"

unpatched line numbers, eg fmt = "o". I haven't yet reproduced this with
the patch, but even without the patch it took a substantial amount of time
for this to appear.