
Re: (ITS#3842) crash - NULL dereference in slapd_remove()



Thanks, this is now fixed in HEAD. Will fix in RE22 as well.

jtownsend@opendarwin.org wrote:
> Full_Name: Jason Townsend
> Version: 2.2.19 and HEAD
> OS: Mac OS X 10.4.1
> URL: http://www.opendarwin.org/~jtownsend/patches/shutdowncrash/servers-slapd-daemon.patch
> Submission from: (NULL) (17.221.43.142)
>
>
> During shutdown, the slap_listeners array is freed before the connections are
> shut down, which can cause a crash. The fix would be to free the slap_listeners
> array after the connections are shut down. I've prepared a patch against the
> current HEAD. The patch was initially developed against 2.2.19 but it should
> apply to the current 2.2.x and 2.3.x releases as well.
>
> http://www.opendarwin.org/~jtownsend/patches/shutdowncrash/servers-slapd-daemon.patch
>
> An example crash is below (this was from a 2.1.22 based build so the line
> numbers may not match up quite right).
>
> Exception:  EXC_BAD_ACCESS (0x00000001 (in slapd))
> Codes:      KERN_PROTECTION_FAILURE (0x00000002 (in slapd)) at 0x00000000
>
> Thread 0:
> 0   libSystem.B.dylib   0x90014528 semaphore_wait_trap + 0x00000008 (in slapd)
> 1   libSystem.B.dylib   0x9003911c pthread_join + 0x000000fc (in slapd)
> 2   slapd               _slapd_daemon (in slapd) (daemon.c:1961) 0x00001000 (in
> slapd) + _slapd_daemon_task (in slapd) (daemon.c:1379)
> 3   slapd               _main (in slapd) (main.c:578) 0x00001000 (in slapd) +
> 0x000026c4 (in slapd)
> 4   slapd               __start (in slapd) (crt.c:267) 0x00001000 (in slapd) +
> 0x000019c4 (in slapd)
> 5   slapd               start (in slapd) 0x00001000 (in slapd) + 0x00001838 (in
> slapd)
>
> Thread 1 Crashed:
> 0   slapd               _slapd_remove (in slapd) (daemon.c:257) 0x00001000 (in
> slapd) + _usage (in slapd) (main.c:98)
> 1   slapd               _connection_destroy (in slapd) (connection.c:667)
> 0x00001000 (in slapd) + _connections_destroy (in slapd) (connection.c:116)
> 2   slapd               _connection_close (in slapd) (connection.c:786)
> 0x00001000 (in slapd) + _connection_get (in slapd) (connection.c:297)
> 3   slapd               _connections_shutdown (in slapd) (connection.c:168)
> 0x00001000 (in slapd) + _slapd_daemon_task (in slapd) (daemon.c:1549)
> 4   slapd               _slapd_daemon_task (in slapd) (daemon.c:1918) 0x00001000
> (in slapd) + _slapd_daemon_task (in slapd) (daemon.c:1345)
> 5   libSystem.B.dylib   0x900246e8 _pthread_body + 0x00000028 (in slapd)
>
>
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
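
Added example (not part of the original messages and not OpenLDAP code): a minimal C model of the shutdown ordering described in the report, run in both orders. All names are hypothetical, and it assumes the per-connection teardown routine reads the listener table; a NULL guard turns the crash into a countable failure so both orders can be compared.

```c
#include <stdlib.h>

/* Simplified model, NOT OpenLDAP source; every name below is hypothetical. */
typedef struct { int fd; int nconn; } listener_t;
typedef struct { int fd; int open; } conn_t;

static listener_t **listeners;  /* NULL-terminated listener table */
static conn_t conns[2];         /* constructed sample connections */

static void setup(void) {
    listeners = calloc(3, sizeof *listeners);
    if (!listeners) abort();
    for (int i = 0; i < 2; i++) {
        listeners[i] = malloc(sizeof **listeners);
        if (!listeners[i]) abort();
        listeners[i]->fd = 10 + i;
        listeners[i]->nconn = 1;
        conns[i].fd = 10 + i;
        conns[i].open = 1;
    }
}

static void free_listeners(void) {
    for (int i = 0; listeners && listeners[i]; i++) free(listeners[i]);
    free(listeners);
    listeners = NULL;  /* no dangling pointer left for late callers */
}

/* Per-connection teardown; assumed to consult the listener table.
   Returns 0 on success, -1 if the table has already been freed. */
static int remove_conn(conn_t *c) {
    if (listeners == NULL) return -1;  /* without this guard: NULL dereference */
    for (int i = 0; listeners[i]; i++)
        if (listeners[i]->fd == c->fd) listeners[i]->nconn--;
    c->open = 0;
    return 0;
}

static int shutdown_conns(void) {
    int failed = 0;
    for (int i = 0; i < 2; i++)
        if (conns[i].open && remove_conn(&conns[i]) != 0) failed++;
    return failed;
}

/* Order in the report: table freed first, connections shut down after. */
int shutdown_reported_order(void) { setup(); free_listeners(); return shutdown_conns(); }

/* Order the report proposes: connections first, table freed last. */
int shutdown_proposed_order(void) { setup(); int f = shutdown_conns(); free_listeners(); return f; }
```

In the reported order both constructed connections reach teardown after the table is gone; in the proposed order none do.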