[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4689) sladp - glibc - double free or corruption when searching translucent overlay

Full_Name: Nico Weber
Version: 2.3.x + HEAD
OS: gentoo
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Hi all,

slapd crashes with an glibc- double free or corruption[1] when doing a search[2]
(with id <user>)  (partly) located on a translucent overlay.

This is maybe related to bug Incoming/4628. But i dont know.

Note: there is no crash when searching manualy for the uid[3]
Maybe filter related?

Tested with latest stable and some HEAD versions.



*** glibc detected *** double free or corruption (!prev): 0x0830f940 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread -1226589264 (LWP 6253)]
0xbfffe402 in __kernel_vsyscall ()
(gdb) bt
#0  0xbfffe402 in __kernel_vsyscall ()
#1  0xb7a60f95 in raise () from /lib/libc.so.6
#2  0xb7a6264f in abort () from /lib/libc.so.6
#3  0xb7a94bb2 in __fsetlocking () from /lib/libc.so.6
#4  0xb7a9a574 in malloc_usable_size () from /lib/libc.so.6
#5  0xb7a9af0a in free () from /lib/libc.so.6
#6  0x08079322 in do_search (op=0xb6e3a0e0, rs=0xb6e3b1d0) at search.c:233
#7  0x080778c2 in connection_operation (ctx=0xb6e3b2c0, arg_v=0x830d7c0) at
#8  0x080782c3 in connection_read_thread (ctx=0xb6e3b2c0, argv=0xf) at
#9  0x081816c2 in ldap_int_thread_pool_wrapper (xpool=0x8264d00) at tpool.c:704
#10 0xb7d5d2ab in start_thread () from /lib/libpthread.so.0
#11 0xb7af0e2e in clone () from /lib/libc.so.6


Sep 28 15:09:25 directory2 slapd[6241]: conn=4 op=1 SRCH
base="cn=Users,dc=ri,dc=uni-tuebingen,dc=de" scope=2 dere
f=0 filter="(&(objectClass=posixAccount)(uid=test))"
Sep 28 15:09:25 directory2 slapd[6241]: conn=4 op=1 SRCH attr=uid userPassword
uidNumber gidNumber cn homeDirector
y loginShell gecos description objectClass
Sep 28 15:09:25 directory2 slapd[6241]: conn=4 op=1 SEARCH RESULT tag=101 err=0
nentries=0 text=


ldapsearch -H ldap://localhost -D "cn=machine,dc=blabla" -x -b
dc=ri,dc=uni-tuebingen,dc=de -W uid=test 


# search result
search: 2
result: 0 Success

no error