[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6058) slapcat aborts on a double free
The problem is that slapcat uses be_entry_release_r() as the complement
of be->be_entry_get(), namely a run-time function as the complement of a
tool function. rwm_entry_release_rw(), on the contrary, assumes that
the entry it is passed was dup'ed by rwm_entry_get_rw(). I've applied a
fix which **should** always work, based on the assumption that if the
entry was retrieved using rwm_entry_get_rw(), and duplicated, both
e->e_private and e->e_bv are NULL.
p.
luca@OpenLDAP.org wrote:
> Full_Name: Luca Scamoni
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.63.140.131)
>
>
> Slapcat on a slapd instance using rwm overlay, aborts with:
> *** glibc detected *** free(): invalid pointer: 0x09ed06e3 ***
>
> To simulate it's enough a slapd.conf containing something like
>
> # Load dynamic backend modules:
> modulepath /usr/local/openldap/sbin
> moduleload back_hdb.la
> moduleload rwm.la
>
> database hdb
> suffix "dc=example,dc=com"
> rootdn "cn=Manager,dc=example,dc=com"
> rootpw secret
> directory /usr/local/openldap/var/data
> index objectClass eq
> index entryCSN,entryUUID eq
>
> overlay rwm
>
> Simple database:
>
> dn: dc=example,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: example
> o: example.com
>
>
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------