[Date Prev][Date Next]
Re: (ITS#7542) slapd segfault on modify
On 03/18/2013 07:48 PM, Howard Chu wrote:
> email@example.com wrote:
>> Full_Name: Matthias Grau
>> Version: 2.4.34
>> OS: debian 6.7.0 x64
>> URL: ftp://ftp.openldap.org/incoming/matthias.grau.130318.bz2
>> Submission from: (NULL) (126.96.36.199)
>> slapd can cause a segfault when sorting values in modify operation.
>> Under rare circumstances modify.c:802: jstack += 2; can reach a value
>> of greater
>> 63 which leads to an overwritten pointer for AttributeDescription.
> Thanks for the report.
>> Changing the size of istack from sizeof(int) * 16 to sizeof(int)*16 +
>> 1 solves
>> the segfault. But I don't think that's the correct solution.
>> As shown here:
>> there should be a condition to break if jstack reaches the size of of
> No. In a correct implementation, jstack can never exceed the size of
> This was fixed in similar/identical code elsewhere, e.g. commit
> bb36bdcd1c22d1fbc6575452ef5c9112715ab083 and
> e1559100eb8e9a664cd68915e5acbf8caa334fa1 but for some reason we missed
> these other instances.
> Fixed now in git master.
Thanks for your fast solution.
Problem is solved in git master.