Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo@yuriev.ru
This is a multi-part message in MIME format.
--------------090802040703090609040601
Content-Type: text/plain; charset=windows-1251; format=flowed
Content-Transfer-Encoding: 8bit
Patch update:
Detaching a syncops record from op-list CONDITIONALLY, only when it
was freed by syncprov_free_syncop.
The syncprov_drop_psearch() and syncprov_drop_psearch() now returns
a flag, which is nonzero if the given syncops was freed.
Leonid.
29.12.2014 13:50, Leonid Yuriev ïèøåò:
> Please review attached patch and merge-in.
>
> Leonid.
>
> ---
>
> The attached files is derived from OpenLDAP Software. All of the
> modifications
> to OpenLDAP Software represented in the following patch(es) were
> developed by
> Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned
> rights
> and/or interest in this work to any party. I, Leonid Yuriev am
> authorized by
> Peter-Service LLC, my employer, to release this work under the
> following terms.
>
> Peter-Service LLC hereby places the following modifications to
> OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.
>
--------------090802040703090609040601
Content-Type: text/x-patch;
name="its8012.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="its8012.patch"
commit 34d36d685ccb372dfd43a33730b480610ab369a0
Author: Leo Yuriev <leo(a)yuriev.ru>
Date: 2014-12-29 13:40:59 +0300
ITS#5452, ITS#8012: fix syncops list iteration and detaching on freed;
Detaching a syncops record from op-list conditionally,
only when it was freed by syncprov_free_syncop.
The syncprov_drop_psearch() and syncprov_drop_psearch() now
returns a flag, which is nonzero if the given syncops was freed.
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index 5ef2eaa..2eeda4c 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -790,7 +790,7 @@ static int dec_mutexint( mutexint *mi )
return i;
}
-static void
+static int
syncprov_free_syncop( syncops *so )
{
syncres *sr, *srnext;
@@ -800,7 +800,7 @@ syncprov_free_syncop( syncops *so )
/* already being freed, or still in use */
if ( !so->s_inuse || --so->s_inuse > 0 ) {
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
- return;
+ return 0;
}
ldap_pvt_thread_mutex_unlock( &so->s_mutex );
if ( so->s_flags & PS_IS_DETACHED ) {
@@ -824,6 +824,7 @@ syncprov_free_syncop( syncops *so )
}
ldap_pvt_thread_mutex_destroy( &so->s_mutex );
ch_free( so );
+ return 1;
}
/* Send a persistent search response */
@@ -1104,9 +1105,7 @@ syncprov_drop_psearch( syncops *so, int lock )
if ( lock )
ldap_pvt_thread_mutex_unlock( &so->s_op->o_conn->c_mutex );
}
- syncprov_free_syncop( so );
-
- return 0;
+ return syncprov_free_syncop( so );
}
static int
@@ -1166,10 +1165,10 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
syncprov_info_t *si = on->on_bi.bi_private;
fbase_cookie fc;
- syncops *ss, *sprev, *snext;
+ syncops **pss;
Entry *e = NULL;
Attribute *a;
- int rc;
+ int rc, gonext;
struct berval newdn;
int freefdn = 0;
BackendDB *b0 = op->o_bd, db;
@@ -1229,15 +1228,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
}
ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
- for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss;
- sprev = ss, ss=snext)
+ for (pss = &si->si_ops; *pss; pss = gonext ? &(*pss)->s_next : pss)
{
Operation op2;
Opheader oh;
syncmatches *sm;
int found = 0;
+ syncops *snext, *ss = *pss;
- snext = ss->s_next;
+ gonext = 1;
if ( ss->s_op->o_abandon )
continue;
@@ -1266,9 +1265,10 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
SlapReply rs = {REP_RESULT};
send_ldap_error( ss->s_op, &rs, LDAP_SYNC_REFRESH_REQUIRED,
"search base has changed" );
- sprev->s_next = snext;
- syncprov_drop_psearch( ss, 1 );
- ss = sprev;
+ snext = ss->s_next;
+ if ( syncprov_drop_psearch( ss, 1 ) )
+ *pss = snext;
+ gonext = 0;
continue;
}
@@ -1342,7 +1342,11 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
/* Decrement s_inuse, was incremented when called
* with saveit == TRUE
*/
- syncprov_free_syncop( ss );
+ snext = ss->s_next;
+ if ( syncprov_free_syncop( ss ) ) {
+ *pss = snext;
+ gonext = 0;
+ }
}
}
ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
--------------090802040703090609040601--
8 years, 2 months
Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo@yuriev.ru
This is a multi-part message in MIME format.
--------------010303050205060701030601
Content-Type: text/plain; charset=windows-1251; format=flowed
Content-Transfer-Encoding: 7bit
Please review attached patch and merge-in.
Leonid.
---
The attached files is derived from OpenLDAP Software. All of the
modifications
to OpenLDAP Software represented in the following patch(es) were
developed by
Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned
rights
and/or interest in this work to any party. I, Leonid Yuriev am
authorized by
Peter-Service LLC, my employer, to release this work under the following
terms.
Peter-Service LLC hereby places the following modifications to OpenLDAP
Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.
--------------010303050205060701030601
Content-Type: text/x-patch;
name="its8012.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="its8012.patch"
commit decf38f5c4ca7bc90edc2def3e14ba146d786f5b
Author: Leo Yuriev <leo(a)yuriev.ru>
Date: 2014-12-29 13:40:59 +0300
ITS#8012: fix syncops list iteration;
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index 5ef2eaa..eff9e1c 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -1166,10 +1166,10 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
syncprov_info_t *si = on->on_bi.bi_private;
fbase_cookie fc;
- syncops *ss, *sprev, *snext;
+ syncops **pss;
Entry *e = NULL;
Attribute *a;
- int rc;
+ int rc, gonext;
struct berval newdn;
int freefdn = 0;
BackendDB *b0 = op->o_bd, db;
@@ -1229,15 +1229,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
}
ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
- for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss;
- sprev = ss, ss=snext)
+ for (pss = &si->si_ops; *pss; pss = gonext ? &(*pss)->s_next : pss)
{
Operation op2;
Opheader oh;
syncmatches *sm;
int found = 0;
+ syncops *ss = *pss;
- snext = ss->s_next;
+ gonext = 1;
if ( ss->s_op->o_abandon )
continue;
@@ -1266,9 +1266,9 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
SlapReply rs = {REP_RESULT};
send_ldap_error( ss->s_op, &rs, LDAP_SYNC_REFRESH_REQUIRED,
"search base has changed" );
- sprev->s_next = snext;
+ *pss = ss->s_next;
+ gonext = 0;
syncprov_drop_psearch( ss, 1 );
- ss = sprev;
continue;
}
@@ -1342,6 +1342,8 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
/* Decrement s_inuse, was incremented when called
* with saveit == TRUE
*/
+ *pss = ss->s_next;
+ gonext = 0;
syncprov_free_syncop( ss );
}
}
--------------010303050205060701030601--
8 years, 2 months
Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo@yuriev.ru
Let see to syncprov_matchops() in syncprov.c:
lines 1233-1235 (begin of the loop):
ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss;
sprev = ss, ss=snext)
lines 1273-1275:
ss = sprev;
continue;
}
and 1347 (near from end of the loop):
syncprov_free_syncop( ss );
Seems that syncops which is freed on 1347 could be referenced by 1273 on
a next iteration of the loop.
Leonid.
8 years, 2 months
Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo@yuriev.ru
(gdb) info local
on = <optimised out>
si = 0x23b33f0
so = 0x7f14b444cd30
soprev = 0x7f14e02dc9b0
(gdb) p *so->s_op->o_hdr
Cannot access memory at address 0x3932323134313032
(gdb) p *si
$1 = {si_ops = 0x7f14e949ed60, si_contextdn = {bv_len = 7, bv_val =
0x2389e10 "dc=ldap"}, si_ctxcsn = 0x2640e60, si_sids = 0x243a6c0,
si_numcsns = 4, si_chkops = 1, si_chktime = 60, si_numops = 0,
si_nopres = 0, si_usehint = 1, si_active = 2, si_dirty = 0,
si_chklast = 1419822205, si_mods = 0x7f14bcead650, si_logs = 0x0,
si_csn_rwlock = {__data = {__lock = 0, __nr_readers = 0,
__readers_wakeup = 5312, __writer_wakeup = 9078,
__nr_readers_queued = 0, __nr_writers_queued = 0, __writer = 0, __shared
= 0, __pad1 = 0, __pad2 = 0, __flags = 0},
__size = "\000\000\000\000\000\000\000\000\300\024\000\000v#",
'\000' <repeats 41 times>, __align = 0}, si_ops_mutex = {__data =
{__lock = 1, __count = 0, __owner = 30051, __nusers = 1, __kind = 0,
__spins = 0, __elision = 0, __list = {__prev = 0x0, __next =
0x0}}, __size = "\001\000\000\000\000\000\000\000cu\000\000\001", '\000'
<repeats 26 times>, __align = 1}, si_mods_mutex = {__data = {
__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
__spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}},
__size = '\000' <repeats 39 times>, __align = 0},
si_resp_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev =
0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>,
__align = 0}}
(gdb) p *so
$2 = {s_next = 0x0, s_base = {bv_len = 15, bv_val = 0x7f14b4964180
"dc=ngdr,dc=ldap"}, s_eid = 4, s_op = 0x7f14b0a12d30, s_rid = 4, s_sid =
1, s_filterstr = {bv_len = 15,
bv_val = 0x7f14b4000b18 "\300\f"}, s_flags = 17, s_inuse = 1, s_res
= 0x7f14d19ff780, s_restail = 0x7f14c818b090, s_mutex = {__data =
{__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0,
__spins = 0, __elision = 0, __list = {__prev = 0x0, __next =
0x0}}, __size = '\000' <repeats 39 times>, __align = 0}}
(gdb) p *so->s_op
$3 = {o_hdr = 0x3932323134313032, o_tag = 25385731496096560, o_time =
8029759185026510703, o_tincr = 37, o_bd = 0x3932323134313032, o_req_dn =
{bv_len = 25385731496096560,
bv_val = 0x20 <Address 0x20 out of bounds>}, o_req_ndn = {bv_len =
37, bv_val = 0x7061646c3d6364 <Address 0x7061646c3d6364 out of bounds>},
o_request = {oq_add = {rs_modlist = 0x6f6f6f6f6f6f6f6f,
rs_e = 0x6f6f6f6f6f6f6f6f}, oq_bind = {rb_method = 1869573999,
rb_cred = {bv_len = 8029759185026510703, bv_val = 0x25 <Address 0x25 out
of bounds>}, rb_edn = {bv_len = 4121411795907850290,
bv_val = 0x5a303034303330 <Address 0x5a303034303330 out of
bounds>}, rb_ssf = 32, rb_mech = {bv_len = 53, bv_val = 0x6 <Address 0x6
out of bounds>}}, oq_compare = {rs_ava = 0x6f6f6f6f6f6f6f6f},
oq_modify = {rs_mods = {rs_modlist = 0x6f6f6f6f6f6f6f6f,
rs_no_opattrs = 111 'o'}, rs_increment = 37}, oq_modrdn = {rs_mods =
{rs_modlist = 0x6f6f6f6f6f6f6f6f, rs_no_opattrs = 111 'o'},
rs_deleteoldrdn = 37, rs_newrdn = {bv_len = 4121411795907850290,
bv_val = 0x5a303034303330 <Address 0x5a303034303330 out of bounds>},
rs_nnewrdn = {bv_len = 32,
bv_val = 0x35 <Address 0x35 out of bounds>}, rs_newSup = 0x6,
rs_nnewSup = 0x7f14b01bc820}, oq_search = {rs_scope = 1869573999,
rs_deref = 1869573999, rs_slimit = 1869573999,
rs_tlimit = 1869573999, rs_limit = 0x25, rs_attrsonly =
875638834, rs_attrs = 0x5a303034303330, rs_filter = 0x20, rs_filterstr =
{bv_len = 53, bv_val = 0x6 <Address 0x6 out of bounds>}},
oq_abandon = {rs_msgid = 1869573999}, oq_cancel = {rs_msgid =
1869573999}, oq_extended = {rs_reqoid = {bv_len = 8029759185026510703,
bv_val = 0x6f6f6f6f6f6f6f6f <Address 0x6f6f6f6f6f6f6f6f out of
bounds>}, rs_flags = 37, rs_reqdata = 0x3932323134313032}, oq_pwdexop =
{rs_extended = {rs_reqoid = {bv_len = 8029759185026510703,
bv_val = 0x6f6f6f6f6f6f6f6f <Address 0x6f6f6f6f6f6f6f6f out
of bounds>}, rs_flags = 37, rs_reqdata = 0x3932323134313032}, rs_old =
{bv_len = 25385731496096560,
bv_val = 0x20 <Address 0x20 out of bounds>}, rs_new = {bv_len =
53, bv_val = 0x6 <Address 0x6 out of bounds>}, rs_mods = 0x7f14b01bc820,
rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0,
o_groups = 0x6f6f6f6f6f6f6f6f, o_do_not_cache = 53 '5',
o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv =
ACL_NONE, o_nocaching = 36 '$', o_delete_glue_parent = 0 '\000',
o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000',
o_ctrlflag = "\000\000\000\000ã\033\260\024\177", '\000' <repeats 18
times>, "oooo", o_controls = 0x25, o_authz = {
sai_method = 3751589900465327636, sai_mech = {bv_len =
1617057180469906565, bv_val = 0x0}, sai_dn = {bv_len = 53, bv_val = 0xf
<Address 0xf out of bounds>}, sai_ndn = {bv_len = 139726839426656,
bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf =
48, sai_sasl_ssf = 0}, o_ber = 0x25, o_res_ber = 0x3932323134313032,
o_callback = 0x5a303034303330, o_ctrls = 0x6f6f6f6f6f007972,
o_csn = {bv_len = 37, bv_val = 0x3932323134313032 <Address
0x3932323134313032 out of bounds>}, o_private = 0x5a303034303330,
o_extra = {slh_first = 0x7972}, o_next = {stqe_next = 0x35}}
(gdb) p *op
$4 = {o_hdr = 0x7f14efffe820, o_tag = 80, o_time = 0, o_tincr = 0, o_bd
= 0x7f14efffe5d0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn =
{bv_len = 0, bv_val = 0x0}, o_request = {oq_add = {
rs_modlist = 0x3, rs_e = 0x0}, oq_bind = {rb_method = 3, rb_cred
= {bv_len = 0, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0},
rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = {
rs_ava = 0x3}, oq_modify = {rs_mods = {rs_modlist = 0x3,
rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = {rs_mods =
{rs_modlist = 0x3, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0,
rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0,
bv_val = 0x0}, rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope
= 3, rs_deref = 0, rs_slimit = 0, rs_tlimit = 0,
rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter =
0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, oq_abandon = {rs_msgid
= 3}, oq_cancel = {rs_msgid = 3}, oq_extended = {rs_reqoid = {
bv_len = 3, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0},
oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 3, bv_val = 0x0},
rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0,
bv_val = 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods =
0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0,
o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000',
o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0
'\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000',
o_no_subordinate_glue = 0 '\000',
o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0, o_authz =
{sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len
= 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0},
sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf =
0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x7f14efffe5a0, o_ctrls =
0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0,
o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}}
(gdb) p *soprev
$5 = {s_next = 0x7f14b444cd30, s_base = {bv_len = 15, bv_val =
0x7f14e063fb20 "dc=ngdr,dc=ldap"}, s_eid = 4, s_op = 0x7f14e0260c70,
s_rid = 4, s_sid = 2, s_filterstr = {bv_len = 15,
bv_val = 0x7f14e0000b18 "\300\f"}, s_flags = 2, s_inuse = 1, s_res
= 0x0, s_restail = 0x0, s_mutex = {__data = {__lock = 0, __count = 0,
__owner = 0, __nusers = 0, __kind = 0, __spins = 0,
__elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size =
'\000' <repeats 39 times>, __align = 0}}
(gdb) p op->o_hdr
$6 = (Opheader *) 0x7f14efffe820
(gdb) p *op->o_hdr
$7 = {oh_opid = 0, oh_connid = 15472, oh_conn = 0x7f15178fe390, oh_msgid
= 0, oh_protocol = 0, oh_tid = 0, oh_threadctx = 0x0, oh_tmpmemctx =
0x0, oh_tmpmfuncs = 0x0, oh_counters = 0x0,
oh_log_prefix = '\000' <repeats 255 times>}
(gdb) p *op->o_hdr->oh_conn
$8 = {c_struct_state = SLAP_C_USED, c_conn_state = SLAP_C_CLOSING,
c_conn_idx = 298, c_sd = 298, c_close_reason = 0x538d20 <conn_lost_str>
"connection lost", c_mutex = {__data = {__lock = 1, __count = 0,
__owner = 30051, __nusers = 1, __kind = 0, __spins = 0, __elision
= 0, __list = {__prev = 0x0, __next = 0x0}}, __size =
"\001\000\000\000\000\000\000\000cu\000\000\001", '\000' <repeats 26
times>,
__align = 1}, c_sb = 0x7f14d43369e0, c_starttime = 1419822255,
c_activitytime = 1419822255, c_connid = 15472, c_peer_domain = {bv_len =
7, bv_val = 0x7f14d495fdc0 "unknown"}, c_peer_name = {
bv_len = 18, bv_val = 0x7f14d495be10 "IP=127.0.0.1:52784"},
c_listener = 0x231d210, c_sasl_bind_mech = {bv_len = 0, bv_val = 0x0},
c_sasl_dn = {bv_len = 0, bv_val = 0x0}, c_sasl_authz_dn = {
bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x2388eb0,
c_authz_cookie = 0x0, c_authz = {sai_method = 128, sai_mech = {bv_len =
0, bv_val = 0x0}, sai_dn = {bv_len = 7,
bv_val = 0x7f14a8adeef0 "dc=ldap"}, sai_ndn = {bv_len = 7, bv_val
= 0x7f14a8c3e860 "dc=ldap"}, sai_ssf = 0, sai_transport_ssf = 0,
sai_tls_ssf = 0, sai_sasl_ssf = 0}, c_protocol = 3, c_ops = {
stqh_first = 0x7f14c13dfa50, stqh_last = 0x7f14c13dfbb8},
c_pending_ops = {stqh_first = 0x0, stqh_last = 0x7f15178fe4b8},
c_write1_mutex = {__data = {__lock = 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list =
{__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>,
__align = 0}, c_write1_cv = {__data = {__lock = 0, __futex = 0,
__total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex =
0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47
times>, __align = 0}, c_write2_mutex = {__data = {__lock = 0,
__count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0,
__elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000'
<repeats 39 times>, __align = 0}, c_write2_cv = {__data = {
__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0,
__woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0},
__size = '\000' <repeats 47 times>, __align = 0},
c_currentber = 0x0, c_writers = 0, c_writing = 0 '\000',
c_sasl_bind_in_progress = 0 '\000', c_writewaiter = 0 '\000', c_is_tls =
0 '\000', c_needs_tls_accept = 0 '\000', c_sasl_layers = 0 '\000',
c_sasl_done = 0 '\000', c_sasl_authctx = 0x0, c_sasl_sockctx = 0x0,
c_sasl_extra = 0x0, c_sasl_bindop = 0x0, c_pagedresults_state = {ps_be =
0x0, ps_size = 0, ps_count = 0, ps_cookie = 0,
ps_cookieval = {bv_len = 0, bv_val = 0x0}}, c_n_ops_received = 3,
c_n_ops_executing = 1, c_n_ops_pending = 0, c_n_ops_completed = 2,
c_n_get = 3, c_n_read = 3, c_n_write = 0, c_extensions = 0x0,
c_clientfunc = 0x0, c_clientarg = 0x0, c_send_ldap_result = 0x435340
<slap_send_ldap_result>, c_send_search_entry = 0x435d80
<slap_send_search_entry>,
c_send_search_reference = 0x437270 <slap_send_search_reference>,
c_send_ldap_extended = 0x435a50 <slap_send_ldap_extended>,
c_send_ldap_intermediate = 0x435bf0 <slap_send_ldap_intermediate>}
8 years, 2 months
(ITS#8012) SIGSEGV while disconnect/abandon
by leo@yuriev.ru
Full_Name: Leonid Yuriev
Version: 2.4-HEAD
OS: Ubuntu 14.10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (31.130.36.33)
with addition into main():
+ mallopt(M_CHECK_ACTION, 7);
+ mallopt(M_PERTURB, 111);
Core was generated by `/opt/openldap.devel/libexec/slapd -l LOCAL5 -d 32768 -s 0
-4 -h ldap://10.4.0.1'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000051025d in syncprov_op_abandon (op=0x7f14efffe970,
rs=0x7f14efffe7b0) at syncprov.c:1134
1134 if ( so->s_op->o_connid == op->o_connid &&
(gdb) bt
#0 0x000000000051025d in syncprov_op_abandon (op=7x7f14efffe970,
rs=0x7f14efffe7b0) at syncprov.c:1134
#1 0x000000000048ae3a in overlay_op_walk (op=op@entry=0x7f14efffe970,
rs=0x7f14efffe7b0, which=op_abandon, oi=0x23b3030, on=0x23b3210) at
backover.c:661
#2 0x000000000048afd1 in over_op_func (op=0x7f14efffe970, rs=<optimised
out>, which=<optimised out>) at backover.c:730
#3 0x0000000000442ea7 in fe_op_abandon (op=0x7f14efffe970, rs=0x7f14efffe7b0)
at abandon.c:136
#4 0x0000000000422d3c in connection_abandon (c=c@entry=0x7f15178fe390) at
connection.c:747
#5 0x0000000000424a09 in connection_closing (c=0x7f15178fe390, why=0x538d20
<conn_lost_str> "connection lost") at connection.c:820
#6 0x00000000004255ef in connection_read (cri=<optimised out>,
s=<optimised out>) at connection.c:1476
#7 connection_read_thread (ctx=0x7f14efffebd0, argv=0x12a) at
connection.c:1284
#8 0x00007f1517613cf2 in ldap_int_thread_pool_wrapper (xpool=0x233d090) at
tpool.c:688
#9 0x00007f1516c930a5 in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
coredump is available and additional info could be provided.
8 years, 2 months
Re: (ITS#8011) few mistakes in lmdb-backend
by leo@yuriev.ru
--e89a8f8389d11704db050b564d2b
Content-Type: multipart/alternative; boundary=e89a8f8389d11704d5050b564d29
--e89a8f8389d11704d5050b564d29
Content-Type: text/plain; charset=UTF-8
Updated.
Please pickup.
Leonid.
2014-12-29 1:13 GMT+03:00 Howard Chu <hyc(a)symas.com>:
> leo(a)yuriev.ru wrote:
>
>> @@ -1265,8 +1264,10 @@ static void *search_stack( Operation *op )
>> }
>>
>> if ( !ret ) {
>> - ret = ch_malloc( mdb->mi_search_stack_depth *
>> MDB_IDL_UM_SIZE
>> - * sizeof( ID ) );
>> + size_t case_stack = mdb->mi_search_stack_depth *
>> MDB_IDL_UM_SIZE * sizeof( ID );
>> + size_t case_sctmp = MDB_IDL_UM_SIZE * sizeof( ID2 );
>> + size_t size = (case_stack > case_sctmp) ? case_stack :
>> case_sctmp;
>> + ret = ch_malloc( size );
>> if ( op->o_threadctx ) {
>> ldap_pvt_thread_pool_setkey( op->o_threadctx,
>> (void *)search_stack,
>> ret, search_stack_free, NULL, NULL );
>>
>>
> Unnecessary.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
--e89a8f8389d11704d5050b564d29
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Updated.<div>Please pickup.<div><br></div><div>Leonid.<br>=
<div class=3D"gmail_extra"><br><div class=3D"gmail_quote">2014-12-29 1:13 G=
MT+03:00 Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc@symas.com" =
target=3D"_blank">hyc(a)symas.com</a>></span>:<br><blockquote class=3D"gma=
il_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-lef=
t:1ex"><a href=3D"mailto:leo@yuriev.ru" target=3D"_blank">leo(a)yuriev.ru</a>=
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
@@ -1265,8 +1264,10 @@ static void *search_stack( Operation *op )<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if ( !ret ) {<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D ch_malloc( =
mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0* sizeof( ID ) );<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t case_stack =
=3D mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE * sizeof( ID );<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t case_sctmp =
=3D MDB_IDL_UM_SIZE * sizeof( ID2 );<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t size =3D (ca=
se_stack > case_sctmp) ? case_stack : case_sctmp;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D ch_malloc( =
size );<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ( op->o_threa=
dctx ) {<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)search_=
stack,<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ret, search_stack_free, NULL, NULL )=
;<br>
<br>
</blockquote>
<br>
Unnecessary.<span class=3D"HOEnZb"><font color=3D"#888888"><br>
<br>
-- <br>
=C2=A0 -- Howard Chu<br>
=C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"=
http://www.symas.com" target=3D"_blank">http://www.symas.com</a><br>
=C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland=
sun.com/hyc/" target=3D"_blank">http://highlandsun.com/hyc/</a><br>
=C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p=
roject/" target=3D"_blank">http://www.openldap.org/<u></u>project/</a><br>
</font></span></blockquote></div><br></div></div></div></div>
--e89a8f8389d11704d5050b564d29--
--e89a8f8389d11704db050b564d2b
Content-Type: text/x-patch; charset=US-ASCII; name="its8011.patch"
Content-Disposition: attachment; filename="its8011.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_i49k3q0m0
Y29tbWl0IDA1ODdiOTA0YWVhOWNkMmVjNjc2YWFjNzM2MDM0ODNiODA1ODE2ZTAKQXV0aG9yOiBM
ZW8gWXVyaWV2IDxsZW9AeXVyaWV2LnJ1PgpEYXRlOiAgIDIwMTQtMTItMjggMjM6MTQ6NTIgKzAz
MDAKCiAgICBJVFMjODAxMTogZmV3IGNvcnJlY3Rpb25zIGZvciBsbWRiLWJhY2tlbmQ7CiAgICAK
ICAgICBkbjJpZC5jOgogICAgICAgKyBhc3NlcnRpb24gZm9yIG1kYl9pZDJsX2luc2VydCgpIHJl
c3VsdDsKICAgICAgIC0gdW5uZWNlc3NhcnkgYXNzaWdubWVudDsKICAgIAogICAgIHNlYXJjaC5j
OgogICAgICAgLSB1bnVzZWQgdmFyaWFibGUgJ2ZpcnN0JzsKICAgICAgICsgcmFuZ2UtY2hlY2sg
Zm9yIG1kYl9pZGxfc2VhcmNoKCkgcmVzdWx0OwoKZGlmZiAtLWdpdCBhL3NlcnZlcnMvc2xhcGQv
YmFjay1tZGIvZG4yaWQuYyBiL3NlcnZlcnMvc2xhcGQvYmFjay1tZGIvZG4yaWQuYwppbmRleCA0
MWM0NzU4Li4wODkwYmNlIDEwMDY0NAotLS0gYS9zZXJ2ZXJzL3NsYXBkL2JhY2stbWRiL2RuMmlk
LmMKKysrIGIvc2VydmVycy9zbGFwZC9iYWNrLW1kYi9kbjJpZC5jCkBAIC03NDYsNyArNzQ2LDgg
QEAgbWRiX2lkc2NvcGVzKAogCQkJLyogcmVtZW1iZXIgb3VyIGNoYWluIG9mIHBhcmVudHMgKi8K
IAkJCWlkMi5taWQgPSBpZDsKIAkJCWlkMi5tdmFsID0gZGF0YTsKLQkJCW1kYl9pZDJsX2luc2Vy
dCggaXNjLT5zY3RtcCwgJmlkMiApOworCQkJcmMgPSBtZGJfaWQybF9pbnNlcnQoIGlzYy0+c2N0
bXAsICZpZDIgKTsKKwkJCWFzc2VydChyYyA9PSAwKTsKIAkJfQogCQlwdHIgPSBkYXRhLm12X2Rh
dGE7CiAJCXB0ciArPSBkYXRhLm12X3NpemUgLSBzaXplb2YoSUQpOwpAQCAtNzYwLDkgKzc2MSwx
MSBAQCBtZGJfaWRzY29wZXMoCiAJCWlmICggeCA8PSBpc2MtPnNjb3Blc1swXS5taWQgJiYgaXNj
LT5zY29wZXNbeF0ubWlkID09IGlkICkgewogCQkJaWYgKCAhaXNjLT5zY29wZXNbeF0ubXZhbC5t
dl9kYXRhICkgewogCQkJCS8qIFRoaXMgbm9kZSBpcyBpbiBzY29wZSwgYWRkIHBhcmVudCBjaGFp
biB0byBzY29wZSAqLwotCQkJCWludCBpID0gaXNjLT5zY3RtcFswXS5taWQ7Ci0JCQkJZm9yICgg
aSA9IDE7IGkgPD0gaXNjLT5zY3RtcFswXS5taWQ7IGkrKyApCi0JCQkJCW1kYl9pZDJsX2luc2Vy
dCggaXNjLT5zY29wZXMsICZpc2MtPnNjdG1wW2ldICk7CisJCQkJaW50IGk7CisJCQkJZm9yICgg
aSA9IDE7IGkgPD0gaXNjLT5zY3RtcFswXS5taWQ7IGkrKyApIHsKKwkJCQkJcmMgPSBtZGJfaWQy
bF9pbnNlcnQoIGlzYy0+c2NvcGVzLCAmaXNjLT5zY3RtcFtpXSApOworCQkJCQlhc3NlcnQocmMg
PT0gMCk7CisJCQkJfQogCQkJCS8qIGNoZWNrIGlkIGFnYWluIHNpbmNlIGluc2VydHMgbWF5IGhh
dmUgY2hhbmdlZCBpdHMgcG9zaXRpb24gKi8KIAkJCQlpZiAoIGlzYy0+c2NvcGVzW3hdLm1pZCAh
PSBpZCApCiAJCQkJCXggPSBtZGJfaWQybF9zZWFyY2goIGlzYy0+c2NvcGVzLCBpZCApOwpkaWZm
IC0tZ2l0IGEvc2VydmVycy9zbGFwZC9iYWNrLW1kYi9zZWFyY2guYyBiL3NlcnZlcnMvc2xhcGQv
YmFjay1tZGIvc2VhcmNoLmMKaW5kZXggOTA4OTAxNi4uMTg1ZDlmMSAxMDA2NDQKLS0tIGEvc2Vy
dmVycy9zbGFwZC9iYWNrLW1kYi9zZWFyY2guYworKysgYi9zZXJ2ZXJzL3NsYXBkL2JhY2stbWRi
L3NlYXJjaC5jCkBAIC0xNDAsNyArMTQwLDYgQEAgc3RhdGljIGludCBzZWFyY2hfYWxpYXNlcygK
IAlzdHJ1Y3QgYmVydmFsIGJ2X2FsaWFzID0gQkVSX0JWQyggImFsaWFzIiApOwogCUF0dHJpYnV0
ZUFzc2VydGlvbiBhYV9hbGlhcyA9IEFUVFJJQlVURUFTU0VSVElPTl9JTklUOwogCUZpbHRlcglh
ZjsKLQlpbnQgZmlyc3QgPSAxOwogCiAJYWxpYXNlcyA9IHN0YWNrOwkvKiBJREwgb2YgYWxsIGFs
aWFzZXMgaW4gdGhlIGRhdGFiYXNlICovCiAJY3Vyc2NvcCA9IGFsaWFzZXMgKyBNREJfSURMX0RC
X1NJWkU7CS8qIEFsaWFzZXMgaW4gdGhlIGN1cnJlbnQgc2NvcGUgKi8KQEAgLTgwNyw3ICs4MDYs
NyBAQCBsb29wX2JlZ2luOgogCQkJCQlzY29wZW9rID0gMTsKIAkJCX0gZWxzZSB7CiAJCQkJaSA9
IG1kYl9pZGxfc2VhcmNoKCBjYW5kaWRhdGVzLCBpZCApOwotCQkJCWlmICggY2FuZGlkYXRlc1tp
XSA9PSBpZCApCisJCQkJaWYgKGkgPD0gY2FuZGlkYXRlc1swXSAmJiBjYW5kaWRhdGVzW2ldID09
IGlkICkKIAkJCQkJc2NvcGVvayA9IDE7CiAJCQl9CiAJCQlpZiAoIHNjb3Blb2sgKQo=
--e89a8f8389d11704db050b564d2b--
8 years, 2 months
Re: (ITS#8011) few mistakes in lmdb-backend
by hyc@symas.com
leo(a)yuriev.ru wrote:
> @@ -1265,8 +1264,10 @@ static void *search_stack( Operation *op )
> }
>
> if ( !ret ) {
> - ret = ch_malloc( mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE
> - * sizeof( ID ) );
> + size_t case_stack = mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE * sizeof( ID );
> + size_t case_sctmp = MDB_IDL_UM_SIZE * sizeof( ID2 );
> + size_t size = (case_stack > case_sctmp) ? case_stack : case_sctmp;
> + ret = ch_malloc( size );
> if ( op->o_threadctx ) {
> ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)search_stack,
> ret, search_stack_free, NULL, NULL );
>
Unnecessary.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 2 months
