[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7140) mdb crash in slapadd(too large LDIF)

Full_Name: Hallvard B Furuseth
Version: RE24
OS: Linux x86_64
Submission from: (NULL) (
Submitted by: hallvard

When bumping into the database maxsize with slapadd:

mdb_tool_entry_put() does not reset idcursor after mdb_txn_abort(),
so idcursor gets closed twice and slapadd crashes.

Blind fix: s/cursor = NULL;/idcursor = NULL;/ on tools.c line 684.
This is what the mdb_txn_commit() branch does.

The commit branches in mdb_tool_entry_<put,reindex> also reset
mdb->mi_attrs[*]->ai_cursor.  Should the abort branches do the same?