[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3842) crash - NULL dereference in slapd_remove()
Thanks, this is now fixed in HEAD. Will fix in RE22 as well.
jtownsend@opendarwin.org wrote:
> Full_Name: Jason Townsend
> Version: 2.2.19 and HEAD
> OS: Mac OS X 10.4.1
> URL: http://www.opendarwin.org/~jtownsend/patches/shutdowncrash/servers-slapd-daemon.patch
> Submission from: (NULL) (17.221.43.142)
>
>
> During shutdown, the slap_listeners array is freed before the connections are
> shut down, which can cause a crash. The fix would be to free the slap_listeners
> array after the connections are shut down. I've prepared a patch against the
> current HEAD. The patch was initially developed against 2.2.19 but it should
> apply to the current 2.2.x and 2.3.x releases as well.
>
> http://www.opendarwin.org/~jtownsend/patches/shutdowncrash/servers-slapd-daemon.patch
>
> An example crash is below (this was from a 2.1.22 based build so the line
> numbers may not match up quite right).
>
> Exception: EXC_BAD_ACCESS (0x00000001 (in slapd))
> Codes: KERN_PROTECTION_FAILURE (0x00000002 (in slapd)) at 0x00000000
>
> Thread 0:
> 0 libSystem.B.dylib 0x90014528 semaphore_wait_trap + 0x00000008 (in slapd)
> 1 libSystem.B.dylib 0x9003911c pthread_join + 0x000000fc (in slapd)
> 2 slapd _slapd_daemon (in slapd) (daemon.c:1961) 0x00001000 (in
> slapd) + _slapd_daemon_task (in slapd) (daemon.c:1379)
> 3 slapd _main (in slapd) (main.c:578) 0x00001000 (in slapd) +
> 0x000026c4 (in slapd)
> 4 slapd __start (in slapd) (crt.c:267) 0x00001000 (in slapd) +
> 0x000019c4 (in slapd)
> 5 slapd start (in slapd) 0x00001000 (in slapd) + 0x00001838 (in
> slapd)
>
> Thread 1 Crashed:
> 0 slapd _slapd_remove (in slapd) (daemon.c:257) 0x00001000 (in
> slapd) + _usage (in slapd) (main.c:98)
> 1 slapd _connection_destroy (in slapd) (connection.c:667)
> 0x00001000 (in slapd) + _connections_destroy (in slapd) (connection.c:116)
> 2 slapd _connection_close (in slapd) (connection.c:786)
> 0x00001000 (in slapd) + _connection_get (in slapd) (connection.c:297)
> 3 slapd _connections_shutdown (in slapd) (connection.c:168)
> 0x00001000 (in slapd) + _slapd_daemon_task (in slapd) (daemon.c:1549)
> 4 slapd _slapd_daemon_task (in slapd) (daemon.c:1918) 0x00001000
> (in slapd) + _slapd_daemon_task (in slapd) (daemon.c:1345)
> 5 libSystem.B.dylib 0x900246e8 _pthread_body + 0x00000028 (in slapd)
>
>
>
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support