(ITS#5743) SIGSEGV in ldapsearch



Full_Name: Pierangelo Masarati
Version: re24
OS: CentOS 5.2 on i386
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.237.142.6)
Submitted by: ando


While chasing referrals (-C) to non-responding hosts (see also ITS#5742,
unrelated but same scenario), I got the following:

#0  0x0084b402 in __kernel_vsyscall ()
#1  0x00c9ad20 in raise () from /lib/libc.so.6
#2  0x00c9c631 in abort () from /lib/libc.so.6
#3  0x00c9416b in __assert_fail () from /lib/libc.so.6
#4  0x0807e58b in ber_sockbuf_ctrl (sb=0x0, opt=19658, arg=0x0) at sockbuf.c:88
#5  0x0805672a in try_read1msg (ld=0x90502a8, msgid=8, all=1, lcp=0xbf8957c8, 
    result=0xbf895820) at result.c:1190
#6  0x08057952 in ldap_result (ld=0x90502a8, msgid=8, all=1, 
    timeout=0xbf895810, result=0xbf895820) at result.c:402
#7  0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895904, 
    use_ldsb=0, connect=1, bind=0xbf8958f0) at request.c:501
#8  0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905ab20, 
    msgid=7, parentreq=0x90594d8, srvlist=0xbf895904, lc=0x0, bind=0xbf8958f0)
    at request.c:207
#9  0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, 
    refs=0x905aa50, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895a1c)
    at request.c:1139
#10 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=6, all=1, lcp=0xbf895a88, 
    result=0xbf895ae0) at result.c:729
#11 0x08057952 in ldap_result (ld=0x90502a8, msgid=6, all=1, 
    timeout=0xbf895ad0, result=0xbf895ae0) at result.c:402
#12 0x08064635 in ldap_new_connection (ld=0x90502a8, srvlist=0xbf895bc4, 
    use_ldsb=0, connect=1, bind=0xbf895bb0) at request.c:501
#13 0x08064b2d in ldap_send_server_request (ld=0x90502a8, ber=0x905b7f8, 
    msgid=5, parentreq=0x90594d8, srvlist=0xbf895bc4, lc=0x0, bind=0xbf895bb0)
    at request.c:207
#14 0x08065acc in ldap_chase_v3referrals (ld=0x90502a8, lr=0x905a7c0, 
    refs=0x905a8f0, sref=1, errstrp=0x905a7e4, hadrefp=0xbf895cdc)
    at request.c:1139
#15 0x08056a6d in try_read1msg (ld=0x90502a8, msgid=-1, all=0, lcp=0xbf895d48, 
    result=0xbf895ff8) at result.c:729
#16 0x08057952 in ldap_result (ld=0x90502a8, msgid=-1, all=0, timeout=0x0, 
    result=0xbf895ff8) at result.c:402
#17 0x0804b362 in dosearch (ld=0x90502a8, base=0x904f180 "dc=ericsson,dc=com", 
    scope=2, filtpatt=0x0, value=0x10 <Address 0x10 out of bounds>, attrs=0x0, 
    attrsonly=0, sctrls=0x0, cctrls=0x0, timeout=0x0, sizelimit=-1)
    at ldapsearch.c:1198
#18 0x0804d3ce in main (argc=Cannot access memory at address 0x4cca
) at ldapsearch.c:1031

Frame #4 clearly shows that ber_sockbuf_ctrl() is passed a null sb, which is
lc->lconn_sb.  I could not track down, right now, where that pointer was zeroed out.
I have the binary and core available, if anything is needed.  What I'm missing right
now is time and connectivity (via ssh, and most of the time via http).

p.