[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3659) dynlist overlay expanding URL that scopes cn=Monitor causes SIGSEGV
Full_Name: Pierangelo Masarati
Version: HEAD
OS: Linux (whitebox)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando
The topic definitely is irrelevant, but it may be a symptom of other problems.
If dynlist is used with and entry with an URL that scopes cn=Monitor, when
expanding it slapd SIGSEGVs in a malloc
A stack backtrace of the offending thread is reported, just to indicate where
the failure occurs. The arrays passed to value_add() look fine; the pointers
passed to ber_dupbv_x() also look fine:
# dst
(gdb) p ((struct berval *)0x96143a0)[0]
$1 = {bv_len = 0, bv_val = 0x0}
# src
(gdb) p ((struct berval *)0x962e280)[0]
$2 = {bv_len = 9, bv_val = 0x96043b8 "Backend 4"}
I'll investigate a bit more. Note that dynlist used to work well for long time
with regular backends. Might be a back-monitor issue. I'll investigate a bit
more.
#0 0x001f5cab in _int_malloc () from /lib/tls/libc.so.6
(gdb) bt full
#0 0x001f5cab in _int_malloc () from /lib/tls/libc.so.6
No symbol table info available.
#1 0x001f4e9d in malloc () from /lib/tls/libc.so.6
No symbol table info available.
#2 0x081f2d14 in ber_memalloc_x (s=10, ctx=0x0) at memory.c:232
new = (void *) 0x110
#3 0x081f33ce in ber_dupbv_x (dst=0x96143a0, src=0x962e280, ctx=0x0)
at memory.c:518
new = (struct berval *) 0x96143a0
#4 0x081f3493 in ber_dupbv (dst=0x96143a0, src=0x962e280) at memory.c:536
No locals.
#5 0x0809c4dc in value_add (vals=0x96425cc, addvals=0x962e280) at value.c:79
n = 32
nn = 1
v2 = 0x96143a0
#6 0x0808597e in attr_merge (e=0x962e228, desc=0x957ccb0, vals=0x962e280,
nvals=0x9614cd8) at attr.c:197
rc = 157371608
a = (Attribute **) 0x962e268
#7 0x080d470a in modify_add_values (e=0x962e228, mod=0xb6e90c10,
permissive=1, text=0xb6e907d0, textbuf=0xb6e907e0
"��\030\b��\b\b\001",
textlen=1024) at mods.c:150
rc = 1
op = 0x821b9f2 "add"
a = (Attribute *) 0x96425c8
pmod = {sm_op = 0, sm_desc = 0x957ccb0, sm_type = {bv_len = 2,
bv_val = 0x957cb20 "cn"}, sm_values = 0x962e280, sm_nvalues = 0x9614cd8}
__PRETTY_FUNCTION__ = "modify_add_values"
#8 0x0818f0f9 in dynlist_sc_update (op=0xb6e91960, rs=0xb6e91920)
at dynlist.c:251
mod = {sm_op = 0, sm_desc = 0x957ccb0, sm_type = {bv_len = 2,
bv_val = 0x957cb20 "cn"}, sm_values = 0xb6996b9c, sm_nvalues = 0xb6996bb4}
text = 0x0
textbuf = "��\030\b��\b\b\001\000\000\000\020\b�
\b�\000\004\000\000\000\000\000\000\001\000\000\000\a\000\000\000HUb\t�Oa\t\000\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000\000\000\000\000��\030\b��\b\b\001\000\000\000P\b�`\b�\000\004",
'\0' <repeats 30 times>, "\002\000\000\000\002", '\0' <repeats 39 times>,
"�\024\037\000�\017�h.d\t�&\036\000\000\000\000\000\223�
\b\000\000\000\000�\016�N\226\034\000�\016�\223� \b\a", '\0' <repeats
23 times>, "�\016�\234�\034\000t\n�", '\0' <repeats 46 times>, "s
\000\000\000\000����", '\0' <repeats 40 times>...
vals = 0xb6996b9c
nvals = 0xb6996bb4
i = 1
j = 1
e = (Entry *) 0x962e228
a = (Attribute *) 0x9604368
opattrs = 0
userattrs = 1
acl_state = {as_recorded = 3, as_vd_acl = 0x0, as_vi_acl = 0x0,
as_vd_acl_mask = 0, as_vd_acl_matches = {{rm_so = 0,
rm_eo = 0} <repeats 100 times>}, as_vd_acl_count = 0,
as_vd_access = 0x0, as_vd_access_count = 0, as_result = 1,
as_vd_ad = 0x957ccb0}
dlc = (dynlist_sc_t *) 0xb6e91900
__PRETTY_FUNCTION__ = "dynlist_sc_update"
#9 0x0808eaed in slap_send_search_entry (op=0xb6e91960, rs=0xb6e91920)
at result.c:752
--> truncated <--