[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7553) mdb_cursor_del() crash when deleting last key

To: openldap-its@OpenLDAP.org
Subject: (ITS#7553) mdb_cursor_del() crash when deleting last key
From: dw@botanicus.net
Date: Mon, 25 Mar 2013 19:07:37 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: David Wilson
Version: master
OS: OS X
URL: http://pastie.org/7114932
Submission from: (NULL) (109.149.47.172)


Please find attached a crash repro affecting current MDB master, where seeking
to the last database key followed by double mdb_cursor_del() results in a
crash.

The program supplied crashed with NULL+0x10 pointer dereference, however another
crash triggered by the same set of steps results in a separate stack trace:


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x0000000100fffff0
0x00000001005e566c in memmove$VARIANT$sse3x ()
(gdb) bt
#0  0x00000001005e566c in memmove$VARIANT$sse3x ()
#1  0x0000000101dd81d0 in mdb_node_del (mp=0x10111ce20, ksize=10, indx=52758) at
mdb.c:5582
#2  0x0000000101dda308 in mdb_cursor_del (mc=0x10202ed80, flags=0) at
mdb.c:6422
#3  0x0000000101dd51a4 in _cffi_f_mdb_cursor_del (self=0x10111ce20,
args=0x10111ce20) at _cffi__xfbbb05bexaac0bea3.c:648
#4  0x000000010008bd77 in PyEval_EvalFrameEx ()

Prev by Date: Re: (ITS#7552) PcacheAttrset directive is not behaving as it should
Next by Date: Re: (ITS#7553) mdb_cursor_del() crash when deleting last key
Index(es):
- Chronological
- Thread