Re: (ITS#6638) ldapsearch segfault on OSX
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.23
> OS: Mac OSX 10.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.45.108)
>
>
> When querying AD from a mac, we found that we can segfault ldapsearch. This
> segfault does not happen when running the same query from linux. Here is the
> backtrace:
>
> (gdb) thr apply all bt full
>
> Thread 1 (core thread 0):
> #0 0x00007fff80697180 in strlen ()
> No symbol table info available.
> #1 0x000000010008ae22 in ber_put_string (ber=0x100401480, str=0x686372616573 <Address 0x686372616573 out of bounds>, tag=18446744073709551615) at encode.c:273
Something seems to be wrong with the parsing of the deref control in
ldapsearch.c; can you provide the command-line?
Thanks, p.
> No locals.
> #2 0x000000010008be20 in ber_printf (ber=0x100401480, fmt=0x10005f5e4 "s{") at encode.c:575
> ap = {{
> gp_offset = 24,
> fp_offset = 48,
> overflow_arg_area = 0x7fff5fbfeb00,
> reg_save_area = 0x7fff5fbfea40
> }}
> s = 0x686372616573 <Address 0x686372616573 out of bounds>
> ss = (char **) 0x0
> bv = (struct berval *) 0x0
> bvp = (struct berval **) 0x7fff8069dc3b
> rc = 0
> i = 584234
> len = 140734799800880
> #3 0x00000001000586d8 in ldap_create_deref_control_value (ld=0x100401130, ds=0x100400130, value=0x100016a20) at deref.c:68
> j = 1
> ber = (BerElement *) 0x100401480
> tag = 18
> i = 1
> __func__ = "\000\000\000\000\000\000\000Critical extension is una"
> #4 0x0000000100003a28 in main (argc=13, argv=0x7fff5fbff4f8) at ldapsearch.c:1090
> i = 0
> filtpattern = 0x7fff5fbff739 "(CN=SE-EMEA-OEM)"
> attrs = (char **) 0x7fff5fbff558
> line = '\0' <repeats 504 times>,
> "���_�\000\000��_�\000\000\006\003���\000\000\000�_�\000\000�&�_�",
> '\0' <repeats 18 times>,
> "���_�\000\000\020�_�\000\000��_�\000\000�\005�_�\000\000��~L\000\000\000\000=�\002\000�\000\000�\000\000\000̹�T\035�_��dYhM�6T{�bj�\033\020v:�*�b7\003a/�M������8�L��X�\025C�Զ&Úx�6c�O��Dpb*\030\td���^bi�}��&�y�f�q"...
> fp = (FILE *) 0x0
> rc = 0
> rc1 = 0
> i = 0
> first = 0
> ld = (LDAP *) 0x100401130
> seber = (BerElement *) 0x0
> vrber = (BerElement *) 0x0
> syncber = (BerElement *) 0x0
> syncbvalp = (struct berval *) 0x0
> err = 0
>
>
> Search was:
>
> /opt/zimbra/openldap/bin/ldapsearch -LLL -D ... -w ... -H ldap://...:3268 -x -E deref=member:mail "(CN=test)" mail
>
> Segmentation fault (core dumped)
>
>
>
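A triage check for the backtrace above, as an added example that is not part of the original thread or of OpenLDAP: it scans gdb output for pointers marked out of bounds and tests whether each value is really ASCII text stored little-endian, a common sign that string data was used where a pointer was expected. The function names and the `ptr` sample line are constructed for illustration; x86-64 byte order is assumed.

```python
import re

# Matches gdb's annotation for a pointer it could not dereference.
OOB_RE = re.compile(
    r"(\w+)\s*=\s*(0x[0-9a-fA-F]+)\s*<Address 0x[0-9a-fA-F]+ out of bounds>"
)

def pointer_as_text(value, width=8):
    """Return the ASCII string stored in a pointer-sized value, or None.

    Little-endian layout is assumed (x86-64, as in the report). The value
    qualifies only if it is a run of printable bytes followed by NULs.
    """
    raw = value.to_bytes(width, "little")
    text = raw.rstrip(b"\x00")
    if len(text) < 4 or b"\x00" in text:
        return None
    if not all(0x20 <= b < 0x7F for b in text):
        return None
    return text.decode("ascii")

def scan_backtrace(bt):
    """Map each out-of-bounds variable in a gdb backtrace to its ASCII reading."""
    findings = {}
    # gdb output pasted into mail is often re-wrapped, so join lines first.
    joined = " ".join(line.strip() for line in bt.splitlines())
    for name, addr in OOB_RE.findall(joined):
        findings[name] = (addr, pointer_as_text(int(addr, 16)))
    return findings

# Frame #1 and the `s` local of frame #2 copied from the report above, plus
# one constructed line: ptr holds a plausible stack address and must not be
# reported as text.
SAMPLE = """\
#1 0x000000010008ae22 in ber_put_string (ber=0x100401480,
str=0x686372616573
<Address 0x686372616573 out of bounds>, tag=18446744073709551615) at
encode.c:273
s = 0x686372616573 <Address 0x686372616573 out of bounds>
ptr = 0x7fff5fbfeb00 <Address 0x7fff5fbfeb00 out of bounds>
"""

if __name__ == "__main__":
    for name, (addr, text) in scan_backtrace(SAMPLE).items():
        print(name, addr, repr(text))
```

On the report's frames, both `str` and `s` read as the text `search`, while the constructed `ptr` value is left unflagged.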