
Re: (ITS#6012) segmentation fault triggered with slapcat

martin.konold@erfrakon.de wrote:
> On Tuesday, 10 March 2009 06:53:34 you wrote:
>> Please provide steps to reproduce the segfault, thanks.
> Hi Howard,
> I tried to reproduce the problem on either OpenSUSE 11.1 or Fedora but I could
> not reproduce the crash.
> The crash was reproducible with OpenPKG though I guess the crash depends on
> the version of bdb being used. The code fetches a transaction from an
> internal table which might have slightly different semantics with regards to
> initialization depending on bdb version.
> Anyway if you look at the rather trivial patch you will see that it indeed
> solves a problem independent of bdb version used so the code does not depend
> on a side effect anymore.
> On one hand the void pointer *data should not be dangling and therefore
> initialization with NULL is correct.

*data will only be referenced if ldap_pvt_thread_pool_getkey() succeeds. If 
that function succeeds, data will have a value. There is no dangling pointer here.

> On the other hand TXN_ABORT() must not be called with potentially dangling
> pointers and therefore a trivial check for the validity of the pointer is a
> good idea.

Likewise, bdb_reader_free() will only get called as a result of successful 
pool_setkey() calls. There will be no dangling pointers there either.

Since most of this code has been in place since 2002 and no one else has 
reported the problem before, it seems to me that OpenPKG is doing something 
very unusual. And being unable to reproduce the problem ourselves, I'd like to 
see exactly what they're doing to cause it.

I've committed part of the patch in the meantime, but until we see steps to 
reproduce the crash, I'm unconvinced that this is any meaningful change.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
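The contract Howard Chu relies on above (a lookup that only writes through its output pointer on success, and a free callback that only ever sees pointers stored by a successful set) is easy to state but worth seeing in code. The block below is an added example written for this page; it is not OpenLDAP code and does not reproduce the back-bdb reader or ldap_pvt_thread_pool_getkey() internals. The slot table, the names pool_getkey/pool_setkey/pool_purgekeys, reader_txn and reader_get are all assumptions made for the illustration. It shows why an uninitialized `void *data` is never read on the miss path, and why a purge-time free function cannot receive a pointer that was never stored.

```c
/* Added example, not OpenLDAP code: a small model of the per-thread key table
 * discussed in the thread. pool_getkey() returns 0 and writes *data only on a
 * hit, so a caller that reads data only after success never touches an
 * uninitialized pointer; pool_purgekeys() runs a free function only for entries
 * stored by a successful pool_setkey(). Names and layout are assumptions. */
#include <stdlib.h>
#include <string.h>

#define MAX_KEYS 8

typedef void (*key_free_fn)(void *key, void *data);

struct pool_ctx {
    struct { void *key; void *data; key_free_fn kfree; } slots[MAX_KEYS];
};

/* Hit: return 0 and set *data. Miss: return 1 and leave *data untouched. */
int pool_getkey(struct pool_ctx *ctx, void *key, void **data, key_free_fn *kfree)
{
    for (int i = 0; i < MAX_KEYS; i++) {
        if (ctx->slots[i].key != key) continue;
        *data = ctx->slots[i].data;
        if (kfree) *kfree = ctx->slots[i].kfree;
        return 0;
    }
    return 1;
}

/* Store key -> data in the first free slot; return 1 if the table is full. */
int pool_setkey(struct pool_ctx *ctx, void *key, void *data, key_free_fn kfree)
{
    for (int i = 0; i < MAX_KEYS; i++) {
        if (ctx->slots[i].key != NULL) continue;
        ctx->slots[i].key = key;
        ctx->slots[i].data = data;
        ctx->slots[i].kfree = kfree;
        return 0;
    }
    return 1;
}

/* Run each stored entry's free function, then clear the table. */
void pool_purgekeys(struct pool_ctx *ctx)
{
    for (int i = 0; i < MAX_KEYS; i++) {
        if (ctx->slots[i].key && ctx->slots[i].kfree)
            ctx->slots[i].kfree(ctx->slots[i].key, ctx->slots[i].data);
        memset(&ctx->slots[i], 0, sizeof(ctx->slots[i]));
    }
}

/* Stand-in for a per-thread transaction handle; 'aborted' models TXN_ABORT. */
struct reader_txn { int id; int aborted; };

static int frees_seen;
static void reader_free(void *key, void *data)
{
    struct reader_txn *txn = data;   /* only ever a pointer we stored */
    (void)key;
    txn->aborted = 1;                /* the real code would TXN_ABORT() here */
    frees_seen++;
}

static int reader_key;               /* the key is the address of this static */

/* The pattern under discussion: 'data' is deliberately left uninitialized
 * and is read only after pool_getkey() has returned success. */
struct reader_txn *reader_get(struct pool_ctx *ctx, int new_id)
{
    void *data;
    struct reader_txn *txn;
    if (pool_getkey(ctx, &reader_key, &data, NULL) == 0)
        return data;                 /* written by pool_getkey on the hit path */
    txn = calloc(1, sizeof(*txn));
    if (!txn) return NULL;
    txn->id = new_id;
    if (pool_setkey(ctx, &reader_key, txn, reader_free) != 0) {
        free(txn);                   /* never stored, so never seen by purge */
        return NULL;
    }
    return txn;
}

/* Miss case: 1 if the sentinel survived the failed lookup, else 0. */
int miss_leaves_data_untouched(void)
{
    struct pool_ctx ctx;
    void *data = (void *)&ctx;       /* sentinel, not a valid handle */
    memset(&ctx, 0, sizeof(ctx));
    return pool_getkey(&ctx, &reader_key, &data, NULL) == 1 && data == (void *)&ctx;
}

/* Create, look up again, purge: returns how many times reader_free ran,
 * or a negative code if the lookup or the abort did not behave as expected. */
int reader_lifecycle(void)
{
    struct pool_ctx ctx;
    memset(&ctx, 0, sizeof(ctx));
    frees_seen = 0;
    struct reader_txn *a = reader_get(&ctx, 7);
    struct reader_txn *b = reader_get(&ctx, 8);   /* hit: same handle, id 7 */
    if (!a || a != b || a->id != 7) return -1;
    pool_purgekeys(&ctx);
    int result = a->aborted ? frees_seen : -2;
    free(a);
    return result;
}
```

The miss-path function is the interesting one: the sentinel value in `data` is never overwritten because pool_getkey() does not touch its output argument on failure, which is exactly the property that makes the NULL initialization in the proposed patch redundant under this contract. The lifecycle function shows the second half of the argument: reader_free() runs once, for the one pointer that a successful pool_setkey() recorded.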