Full_Name: Hallvard B Furuseth
Version: master, 7c6b599de6d7c0e10aa8bf6920ca07d94605e8c2
OS: Linux amd64
URL:
Submission from: (NULL) (129.240.203.186)
Submitted by: hallvard
id2entry.c:mdb_opinfo_get() renews a txn which is in use. It gets
EINVAL, which it does not catch. Caught by this patch and test064:
index 84de09d..a247974 100644
--- a/servers/slapd/back-mdb/id2entry.c
+++ b/servers/slapd/back-mdb/id2entry.c
@@ -507,3 +507,4 @@ mdb_opinfo_get( Operation *op, struct mdb_info *mdb, int
rdonly, mdb_op_info **m
if ( renew ) {
- mdb_txn_renew( moi->moi_txn );
+ rc = mdb_txn_renew( moi->moi_txn );
+ assert(rc == MDB_SUCCESS);
}
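Review bot: The added `assert(rc == MDB_SUCCESS);` catches the failed renew only in builds where assertions are enabled; with NDEBUG defined, the EINVAL from `mdb_txn_renew()` is still ignored and the function continues with a txn that was not renewed. With assertions enabled, the backtrace in this report shows the path is reached from a client add through the constraint overlay's internal search, so the assert turns that request into a slapd abort. This is fine as a diagnostic, but a lasting change should handle the error here, e.g. `if ( rc != MDB_SUCCESS ) return rc;`, assuming mdb_opinfo_get reports status through its return value and needs no cleanup at that point. Its signature and the rest of its body are outside the hunk, so that needs confirming. The underlying fix is to avoid renewing a reader txn that an enclosing operation still holds.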
Core file in ada:/home/hallvard/openldap.g/tests/core.
#2 0x00007ff6a1609301 in *__GI___assert_fail (assertion=0x601014 "rc == 0",
file=<value optimized out>, line=509,
function=0x601141 "mdb_opinfo_get") at assert.c:81
#3 0x0000000000515db1 in mdb_opinfo_get (op=0x7ff69e411130, mdb=0x7ff6a2a02010,
rdonly=1, moip=0x7ff69e280d08)
at id2entry.c:509
#4 0x00000000004f2bed in mdb_search (op=0x7ff69e411130, rs=0x7ff69e4112a0) at
search.c:343
#5 0x00000000004c4f08 in overlay_op_walk (op=0x7ff69e411130, rs=0x7ff69e4112a0,
which=op_search, oi=0x15b30e0, on=0x0)
at backover.c:691
#6 0x00000000004c511f in over_op_func (op=0x7ff69e411130, rs=0x7ff69e4112a0,
which=op_search) at backover.c:743
#7 0x00000000004c5207 in over_op_search (op=0x7ff69e411130, rs=0x7ff69e4112a0)
at backover.c:770
#8 0x000000000052a197 in constraint_violation (c=0x15dc620, bv=0x1af6f90,
op=0x17c8cf0) at constraint.c:666
#9 0x000000000052a82a in constraint_add (op=0x17c8cf0, rs=0x7ff69e411a60) at
constraint.c:812
#10 0x00000000004c4e69 in overlay_op_walk (op=0x17c8cf0, rs=0x7ff69e411a60,
which=op_add, oi=0x15b30e0, on=0x15b32c0)
at backover.c:681
#11 0x00000000004c511f in over_op_func (op=0x17c8cf0, rs=0x7ff69e411a60,
which=op_add) at backover.c:743
#12 0x00000000004c52af in over_op_add (op=0x17c8cf0, rs=0x7ff69e411a60) at
backover.c:794
#13 0x000000000043aa44 in fe_op_add (op=0x17c8cf0, rs=0x7ff69e411a60) at
add.c:334
#14 0x000000000043a341 in do_add (op=0x17c8cf0, rs=0x7ff69e411a60) at add.c:194
#15 0x0000000000430da3 in connection_operation (ctx=0x7ff69e411b90,
arg_v=0x17c8cf0) at connection.c:1155
#16 0x0000000000431344 in connection_read_thread (ctx=0x7ff69e411b90, argv=0xb)
at connection.c:1291
#17 0x00000000005953c5 in ldap_int_thread_pool_wrapper (xpool=0x1543920) at
tpool.c:688
(gdb) frame 3
#3 0x0000000000515db1 in mdb_opinfo_get (op=0x7ff69e411130, mdb=0x7ff6a2a02010,
rdonly=1, moip=0x7ff69e280d08)
at id2entry.c:509
509 assert(rc == MDB_SUCCESS);
(gdb) info locals
rc = 22
renew = 1
data = 0x1af36b0
ctx = 0x7ff69e411b90
moi = 0x7ff69e280d10
oex = 0x0
__PRETTY_FUNCTION__ = "mdb_opinfo_get"
(gdb) p *moi
$1 = {moi_oe = {oe_next = {sle_next = 0x7ff69e411850}, oe_key = 0x7ff6a2a02010},
moi_txn = 0x1af36b0, moi_ref = 0,
moi_flag = 1 '\001'}
(gdb) p *moi->moi_txn
$2 = {mt_parent = 0x0, mt_child = 0x0, mt_next_pgno = 31, mt_txnid = 51, mt_env
= 0x17c0920, mt_free_pgs = 0x0,
mt_u = {dirty_list = 0x7ff6a2bd5080, reader = 0x7ff6a2bd5080}, mt_dbxs =
0x17baa80, mt_dbs = 0x1af3718,
mt_cursors = 0x0, mt_dbflags = 0x1af4f78 "\b\b\n\b\b\b\n\n\n\n\n", mt_numdbs =
11, mt_flags = 1, mt_dirty_room = 0,
mt_toggle = 1}
The EINVAL was returned because mt_dbxs != NULL, i.e. the txn passed to mdb_txn_renew() was still in use rather than reset.