
Re: (ITS#7542) slapd segfault on modify



On 03/18/2013 07:48 PM, Howard Chu wrote:
> m.gr@gmx.de wrote:
>> Full_Name: Matthias Grau
>> Version: 2.4.34
>> OS: debian 6.7.0 x64
>> URL: ftp://ftp.openldap.org/incoming/matthias.grau.130318.bz2
>> Submission from: (NULL) (94.217.193.246)
>>
>>
>> slapd can cause a segfault when sorting values in modify operation.
>> Under rare circumstances modify.c:802: jstack += 2; can reach a value
>> greater than 63, which leads to an overwritten pointer for AttributeDescription.
>
> Thanks for the report.
>
>> Changing the size of istack from sizeof(int) * 16 to sizeof(int)*16 + 1
>> solves the segfault. But I don't think that's the correct solution.
>> As shown here:
>> http://theory.stanford.edu/~amitp/rants/c++-vs-c/test5.cc
>> there should be a condition to break if jstack reaches the size of
>> istack.
>
> No. In a correct implementation, jstack can never exceed the size of
> istack.
> This was fixed in similar/identical code elsewhere, e.g. commit
> bb36bdcd1c22d1fbc6575452ef5c9112715ab083 and
> e1559100eb8e9a664cd68915e5acbf8caa334fa1 but for some reason we missed
> these other instances.
>
> Fixed now in git master.

Thanks for your fast solution.
Problem is solved in git master.
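The invariant Howard Chu states in the thread above (in a correct implementation the index stack of a non-recursive quicksort cannot overflow) follows from one rule: always push the larger partition and loop on the smaller one, so the stack holds at most about log2(n) (lo, hi) pairs and a 64-int stack suffices for any array that fits in memory. The following is an added example written for this thread; it is not OpenLDAP's slap_sort_vals or the fix committed to git master, and the names quicksort_iter, sort_check, STACK_INTS and the constructed test patterns are assumptions made here. It sorts plain ints with a Hoare partition, keeps a defensive bounds check on every push, and reports the peak stack depth so the bound can be verified rather than trusted.

```c
#include <stddef.h>
#include <stdio.h>

#define STACK_INTS 64   /* 32 (lo, hi) pairs: enough for any n < 2^31 */

/* Sort a[0..n-1] in place without recursion (assumed name, not slapd code).
 * Returns 0 on success and -1 if a push would overrun the stack. With the
 * push order used here that outcome is unreachable, so the check acts as a
 * cheap assertion rather than a fallback. If max_pairs is non-NULL it
 * receives the peak number of (lo, hi) pairs held on the stack. */
int quicksort_iter(int *a, size_t n, int *max_pairs)
{
    long stack[STACK_INTS];
    int sp = 0, peak = 0;
    long lo, hi;

    if (max_pairs) *max_pairs = 0;
    if (n < 2) return 0;
    lo = 0;
    hi = (long)n - 1;

    for (;;) {
        int pivot = a[lo + (hi - lo) / 2];
        long i = lo, j = hi;
        long left_len, right_len;

        /* Hoare partition: afterwards a[lo..j] <= pivot <= a[i..hi], j < i */
        while (i <= j) {
            while (a[i] < pivot) i++;
            while (a[j] > pivot) j--;
            if (i <= j) {
                int t = a[i]; a[i] = a[j]; a[j] = t;
                i++; j--;
            }
        }
        left_len  = j - lo + 1;
        right_len = hi - i + 1;

        /* Push the larger side (if it still needs work), then loop on the
         * smaller one. The smaller side is at most half the current range,
         * so at most ~log2(n) pairs can ever be on the stack at once. */
        if (left_len >= right_len) {
            if (left_len > 1) {
                if (sp + 2 > STACK_INTS) return -1;   /* unreachable by design */
                stack[sp++] = lo; stack[sp++] = j;
                if (sp > peak) peak = sp;
            }
            if (right_len > 1) { lo = i; continue; }
        } else {
            if (right_len > 1) {
                if (sp + 2 > STACK_INTS) return -1;   /* unreachable by design */
                stack[sp++] = i; stack[sp++] = hi;
                if (sp > peak) peak = sp;
            }
            if (left_len > 1) { hi = j; continue; }
        }
        /* Nothing left on the smaller side: resume a deferred range. */
        if (sp == 0) break;
        hi = stack[--sp];
        lo = stack[--sp];
    }
    if (max_pairs) *max_pairs = peak / 2;
    return 0;
}

/* Constructed test driver: fills a buffer with pattern 0 (LCG pseudo-random),
 * 1 (already sorted) or 2 (all equal), sorts it, verifies the order and
 * returns the peak pair depth, or -1 on any failure. */
int sort_check(size_t n, int pattern)
{
    static int buf[4096];
    unsigned x = 12345u;
    int depth = -1;
    size_t k;

    if (n > 4096) return -1;
    for (k = 0; k < n; k++) {
        x = x * 1103515245u + 12345u;
        buf[k] = pattern == 0 ? (int)(x >> 16) % 1000
               : pattern == 1 ? (int)k : 7;
    }
    if (quicksort_iter(buf, n, &depth) != 0) return -1;
    for (k = 1; k < n; k++)
        if (buf[k - 1] > buf[k]) return -1;
    return depth;
}

int main(void)
{
    int depth = sort_check(1000, 0);
    printf("sorted 1000 pseudo-random ints, peak stack use %d of %d pairs\n",
           depth, STACK_INTS / 2);
    return depth < 0;
}
```

The two bounds checks on push are the "condition to break" the reporter asked for; with the larger-partition-first rule they never fire, which is why the right fix is to restore that rule rather than to enlarge istack by one slot. Reversing the rule (pushing the smaller side and looping on the larger) is what lets the depth grow linearly with n on skewed input, and that is exactly the situation in which a fixed 64-int stack gets overrun.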