Re: (ITS#9037) observing crash in mdb_cursor_put()
hyc@symas.com wrote:
> vporof@mozilla.com wrote:
>> It might be possible that even though RKV was built in debug mode, the
>> backing sys crate isn't building LMDB itself this way. On a very first
>> glance it looks like this is the case, always going for opt level 2:
>> https://github.com/danburkert/lmdb-rs/blob/master/lmdb-sys/build.rs#L23
>>
>> I'll have a closer look at the build process and see what's going on.
>>
>> Can you share your build process that resulted in LMDB debug functions
>> being optimized away? Did you build using the fuzzer via `cargo afl`?
>> Something else?
> 
> I deleted the lmdb-rkv-sys-* directories from target/debug/build, edited
>  .cargo/registry/src/github.com-1ecc6299db9ec823/lmdb-rkv-sys-0.8.6/lmdb/libraries/liblmdb/mdb.c
>  and added #define MDB_DEBUG 3 at the top of the file, then reran the cargo build command.
> 
> RUSTFLAGS="-Clink-arg=-fuse-ld=gold" cargo afl build -v

Not really sure it's worth spending time on these fuzzer results. Basically
you're feeding corrupted database files into LMDB, and it is hitting an
assert because it sees that the structure is corrupted. Working as designed,
in other words.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/