openldap-bugs December 2014

openldap-bugs@openldap.org

24 participants
95 discussions

Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

This is a multi-part message in MIME format. --------------090802040703090609040601 Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 8bit Patch update: Detaching a syncops record from op-list CONDITIONALLY, only when it was freed by syncprov_free_syncop. The syncprov_drop_psearch() and syncprov_drop_psearch() now returns a flag, which is nonzero if the given syncops was freed. Leonid. 29.12.2014 13:50, Leonid Yuriev ïèøåò: > Please review attached patch and merge-in. > > Leonid. > > --- > > The attached files is derived from OpenLDAP Software. All of the > modifications > to OpenLDAP Software represented in the following patch(es) were > developed by > Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned > rights > and/or interest in this work to any party. I, Leonid Yuriev am > authorized by > Peter-Service LLC, my employer, to release this work under the > following terms. > > Peter-Service LLC hereby places the following modifications to > OpenLDAP Software > (and only these modifications) into the public domain. Hence, these > modifications may be freely used and/or redistributed for any purpose > with or without attribution and/or other notice. > --------------090802040703090609040601 Content-Type: text/x-patch; name="its8012.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="its8012.patch" commit 34d36d685ccb372dfd43a33730b480610ab369a0 Author: Leo Yuriev <leo(a)yuriev.ru> Date: 2014-12-29 13:40:59 +0300 ITS#5452, ITS#8012: fix syncops list iteration and detaching on freed; Detaching a syncops record from op-list conditionally, only when it was freed by syncprov_free_syncop. The syncprov_drop_psearch() and syncprov_drop_psearch() now returns a flag, which is nonzero if the given syncops was freed. diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index 5ef2eaa..2eeda4c 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c @@ -790,7 +790,7 @@ static int dec_mutexint( mutexint *mi ) return i; } -static void +static int syncprov_free_syncop( syncops *so ) { syncres *sr, *srnext; @@ -800,7 +800,7 @@ syncprov_free_syncop( syncops *so ) /* already being freed, or still in use */ if ( !so->s_inuse || --so->s_inuse > 0 ) { ldap_pvt_thread_mutex_unlock( &so->s_mutex ); - return; + return 0; } ldap_pvt_thread_mutex_unlock( &so->s_mutex ); if ( so->s_flags & PS_IS_DETACHED ) { @@ -824,6 +824,7 @@ syncprov_free_syncop( syncops *so ) } ldap_pvt_thread_mutex_destroy( &so->s_mutex ); ch_free( so ); + return 1; } /* Send a persistent search response */ @@ -1104,9 +1105,7 @@ syncprov_drop_psearch( syncops *so, int lock ) if ( lock ) ldap_pvt_thread_mutex_unlock( &so->s_op->o_conn->c_mutex ); } - syncprov_free_syncop( so ); - - return 0; + return syncprov_free_syncop( so ); } static int @@ -1166,10 +1165,10 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) syncprov_info_t *si = on->on_bi.bi_private; fbase_cookie fc; - syncops *ss, *sprev, *snext; + syncops **pss; Entry *e = NULL; Attribute *a; - int rc; + int rc, gonext; struct berval newdn; int freefdn = 0; BackendDB *b0 = op->o_bd, db; @@ -1229,15 +1228,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) } ldap_pvt_thread_mutex_lock( &si->si_ops_mutex ); - for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss; - sprev = ss, ss=snext) + for (pss = &si->si_ops; *pss; pss = gonext ? &(*pss)->s_next : pss) { Operation op2; Opheader oh; syncmatches *sm; int found = 0; + syncops *snext, *ss = *pss; - snext = ss->s_next; + gonext = 1; if ( ss->s_op->o_abandon ) continue; @@ -1266,9 +1265,10 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) SlapReply rs = {REP_RESULT}; send_ldap_error( ss->s_op, &rs, LDAP_SYNC_REFRESH_REQUIRED, "search base has changed" ); - sprev->s_next = snext; - syncprov_drop_psearch( ss, 1 ); - ss = sprev; + snext = ss->s_next; + if ( syncprov_drop_psearch( ss, 1 ) ) + *pss = snext; + gonext = 0; continue; } @@ -1342,7 +1342,11 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) /* Decrement s_inuse, was incremented when called * with saveit == TRUE */ - syncprov_free_syncop( ss ); + snext = ss->s_next; + if ( syncprov_free_syncop( ss ) ) { + *pss = snext; + gonext = 0; + } } } ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex ); --------------090802040703090609040601--

1 0

Re: (ITS#5452) seg fault in syncprov_op abandon on master
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

ITS#8012 is a duplicate of this bug. Please see ones and review/apply the patch. http://www.openldap.org/its/index.cgi/Incoming?id=8012 Leonid.

1 0

Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

I think this is duplicate of ITS#5452. Happy New Year! Leonid.

1 0

Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

This is a multi-part message in MIME format. --------------010303050205060701030601 Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit Please review attached patch and merge-in. Leonid. --- The attached files is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned rights and/or interest in this work to any party. I, Leonid Yuriev am authorized by Peter-Service LLC, my employer, to release this work under the following terms. Peter-Service LLC hereby places the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. --------------010303050205060701030601 Content-Type: text/x-patch; name="its8012.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="its8012.patch" commit decf38f5c4ca7bc90edc2def3e14ba146d786f5b Author: Leo Yuriev <leo(a)yuriev.ru> Date: 2014-12-29 13:40:59 +0300 ITS#8012: fix syncops list iteration; diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index 5ef2eaa..eff9e1c 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c @@ -1166,10 +1166,10 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) syncprov_info_t *si = on->on_bi.bi_private; fbase_cookie fc; - syncops *ss, *sprev, *snext; + syncops **pss; Entry *e = NULL; Attribute *a; - int rc; + int rc, gonext; struct berval newdn; int freefdn = 0; BackendDB *b0 = op->o_bd, db; @@ -1229,15 +1229,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) } ldap_pvt_thread_mutex_lock( &si->si_ops_mutex ); - for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss; - sprev = ss, ss=snext) + for (pss = &si->si_ops; *pss; pss = gonext ? &(*pss)->s_next : pss) { Operation op2; Opheader oh; syncmatches *sm; int found = 0; + syncops *ss = *pss; - snext = ss->s_next; + gonext = 1; if ( ss->s_op->o_abandon ) continue; @@ -1266,9 +1266,9 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) SlapReply rs = {REP_RESULT}; send_ldap_error( ss->s_op, &rs, LDAP_SYNC_REFRESH_REQUIRED, "search base has changed" ); - sprev->s_next = snext; + *pss = ss->s_next; + gonext = 0; syncprov_drop_psearch( ss, 1 ); - ss = sprev; continue; } @@ -1342,6 +1342,8 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) /* Decrement s_inuse, was incremented when called * with saveit == TRUE */ + *pss = ss->s_next; + gonext = 0; syncprov_free_syncop( ss ); } } --------------010303050205060701030601--

1 0

Re: (ITS#6104) race condition with cancel operation
by ddh3eaa＠gmail.com 29 Dec '14

29 Dec '14

Sent from my iPhone

1 0

Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

Let see to syncprov_matchops() in syncprov.c: lines 1233-1235 (begin of the loop): ldap_pvt_thread_mutex_lock( &si->si_ops_mutex ); for (ss = si->si_ops, sprev = (syncops *)&si->si_ops; ss; sprev = ss, ss=snext) lines 1273-1275: ss = sprev; continue; } and 1347 (near from end of the loop): syncprov_free_syncop( ss ); Seems that syncops which is freed on 1347 could be referenced by 1273 on a next iteration of the loop. Leonid.

1 0

Re: (ITS#8012) SIGSEGV while disconnect/abandon
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

(gdb) info local on = <optimised out> si = 0x23b33f0 so = 0x7f14b444cd30 soprev = 0x7f14e02dc9b0 (gdb) p *so->s_op->o_hdr Cannot access memory at address 0x3932323134313032 (gdb) p *si $1 = {si_ops = 0x7f14e949ed60, si_contextdn = {bv_len = 7, bv_val = 0x2389e10 "dc=ldap"}, si_ctxcsn = 0x2640e60, si_sids = 0x243a6c0, si_numcsns = 4, si_chkops = 1, si_chktime = 60, si_numops = 0, si_nopres = 0, si_usehint = 1, si_active = 2, si_dirty = 0, si_chklast = 1419822205, si_mods = 0x7f14bcead650, si_logs = 0x0, si_csn_rwlock = {__data = {__lock = 0, __nr_readers = 0, __readers_wakeup = 5312, __writer_wakeup = 9078, __nr_readers_queued = 0, __nr_writers_queued = 0, __writer = 0, __shared = 0, __pad1 = 0, __pad2 = 0, __flags = 0}, __size = "\000\000\000\000\000\000\000\000\300\024\000\000v#", '\000' <repeats 41 times>, __align = 0}, si_ops_mutex = {__data = {__lock = 1, __count = 0, __owner = 30051, __nusers = 1, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = "\001\000\000\000\000\000\000\000cu\000\000\001", '\000' <repeats 26 times>, __align = 1}, si_mods_mutex = {__data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, si_resp_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}} (gdb) p *so $2 = {s_next = 0x0, s_base = {bv_len = 15, bv_val = 0x7f14b4964180 "dc=ngdr,dc=ldap"}, s_eid = 4, s_op = 0x7f14b0a12d30, s_rid = 4, s_sid = 1, s_filterstr = {bv_len = 15, bv_val = 0x7f14b4000b18 "\300\f"}, s_flags = 17, s_inuse = 1, s_res = 0x7f14d19ff780, s_restail = 0x7f14c818b090, s_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}} (gdb) p *so->s_op $3 = {o_hdr = 0x3932323134313032, o_tag = 25385731496096560, o_time = 8029759185026510703, o_tincr = 37, o_bd = 0x3932323134313032, o_req_dn = {bv_len = 25385731496096560, bv_val = 0x20 <Address 0x20 out of bounds>}, o_req_ndn = {bv_len = 37, bv_val = 0x7061646c3d6364 <Address 0x7061646c3d6364 out of bounds>}, o_request = {oq_add = {rs_modlist = 0x6f6f6f6f6f6f6f6f, rs_e = 0x6f6f6f6f6f6f6f6f}, oq_bind = {rb_method = 1869573999, rb_cred = {bv_len = 8029759185026510703, bv_val = 0x25 <Address 0x25 out of bounds>}, rb_edn = {bv_len = 4121411795907850290, bv_val = 0x5a303034303330 <Address 0x5a303034303330 out of bounds>}, rb_ssf = 32, rb_mech = {bv_len = 53, bv_val = 0x6 <Address 0x6 out of bounds>}}, oq_compare = {rs_ava = 0x6f6f6f6f6f6f6f6f}, oq_modify = {rs_mods = {rs_modlist = 0x6f6f6f6f6f6f6f6f, rs_no_opattrs = 111 'o'}, rs_increment = 37}, oq_modrdn = {rs_mods = {rs_modlist = 0x6f6f6f6f6f6f6f6f, rs_no_opattrs = 111 'o'}, rs_deleteoldrdn = 37, rs_newrdn = {bv_len = 4121411795907850290, bv_val = 0x5a303034303330 <Address 0x5a303034303330 out of bounds>}, rs_nnewrdn = {bv_len = 32, bv_val = 0x35 <Address 0x35 out of bounds>}, rs_newSup = 0x6, rs_nnewSup = 0x7f14b01bc820}, oq_search = {rs_scope = 1869573999, rs_deref = 1869573999, rs_slimit = 1869573999, rs_tlimit = 1869573999, rs_limit = 0x25, rs_attrsonly = 875638834, rs_attrs = 0x5a303034303330, rs_filter = 0x20, rs_filterstr = {bv_len = 53, bv_val = 0x6 <Address 0x6 out of bounds>}}, oq_abandon = {rs_msgid = 1869573999}, oq_cancel = {rs_msgid = 1869573999}, oq_extended = {rs_reqoid = {bv_len = 8029759185026510703, bv_val = 0x6f6f6f6f6f6f6f6f <Address 0x6f6f6f6f6f6f6f6f out of bounds>}, rs_flags = 37, rs_reqdata = 0x3932323134313032}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 8029759185026510703, bv_val = 0x6f6f6f6f6f6f6f6f <Address 0x6f6f6f6f6f6f6f6f out of bounds>}, rs_flags = 37, rs_reqdata = 0x3932323134313032}, rs_old = {bv_len = 25385731496096560, bv_val = 0x20 <Address 0x20 out of bounds>}, rs_new = {bv_len = 53, bv_val = 0x6 <Address 0x6 out of bounds>}, rs_mods = 0x7f14b01bc820, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x6f6f6f6f6f6f6f6f, o_do_not_cache = 53 '5', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 36 '$', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', o_ctrlflag = "\000\000\000\000ã\033\260\024\177", '\000' <repeats 18 times>, "oooo", o_controls = 0x25, o_authz = { sai_method = 3751589900465327636, sai_mech = {bv_len = 1617057180469906565, bv_val = 0x0}, sai_dn = {bv_len = 53, bv_val = 0xf <Address 0xf out of bounds>}, sai_ndn = {bv_len = 139726839426656, bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 48, sai_sasl_ssf = 0}, o_ber = 0x25, o_res_ber = 0x3932323134313032, o_callback = 0x5a303034303330, o_ctrls = 0x6f6f6f6f6f007972, o_csn = {bv_len = 37, bv_val = 0x3932323134313032 <Address 0x3932323134313032 out of bounds>}, o_private = 0x5a303034303330, o_extra = {slh_first = 0x7972}, o_next = {stqe_next = 0x35}} (gdb) p *op $4 = {o_hdr = 0x7f14efffe820, o_tag = 80, o_time = 0, o_tincr = 0, o_bd = 0x7f14efffe5d0, o_req_dn = {bv_len = 0, bv_val = 0x0}, o_req_ndn = {bv_len = 0, bv_val = 0x0}, o_request = {oq_add = { rs_modlist = 0x3, rs_e = 0x0}, oq_bind = {rb_method = 3, rb_cred = {bv_len = 0, bv_val = 0x0}, rb_edn = {bv_len = 0, bv_val = 0x0}, rb_ssf = 0, rb_mech = {bv_len = 0, bv_val = 0x0}}, oq_compare = { rs_ava = 0x3}, oq_modify = {rs_mods = {rs_modlist = 0x3, rs_no_opattrs = 0 '\000'}, rs_increment = 0}, oq_modrdn = {rs_mods = {rs_modlist = 0x3, rs_no_opattrs = 0 '\000'}, rs_deleteoldrdn = 0, rs_newrdn = {bv_len = 0, bv_val = 0x0}, rs_nnewrdn = {bv_len = 0, bv_val = 0x0}, rs_newSup = 0x0, rs_nnewSup = 0x0}, oq_search = {rs_scope = 3, rs_deref = 0, rs_slimit = 0, rs_tlimit = 0, rs_limit = 0x0, rs_attrsonly = 0, rs_attrs = 0x0, rs_filter = 0x0, rs_filterstr = {bv_len = 0, bv_val = 0x0}}, oq_abandon = {rs_msgid = 3}, oq_cancel = {rs_msgid = 3}, oq_extended = {rs_reqoid = { bv_len = 3, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0}, oq_pwdexop = {rs_extended = {rs_reqoid = {bv_len = 3, bv_val = 0x0}, rs_flags = 0, rs_reqdata = 0x0}, rs_old = {bv_len = 0, bv_val = 0x0}, rs_new = {bv_len = 0, bv_val = 0x0}, rs_mods = 0x0, rs_modtail = 0x0}}, o_abandon = 0, o_cancel = 0, o_groups = 0x0, o_do_not_cache = 0 '\000', o_is_auth_check = 0 '\000', o_dont_replicate = 0 '\000', o_acl_priv = ACL_NONE, o_nocaching = 0 '\000', o_delete_glue_parent = 0 '\000', o_no_schema_check = 0 '\000', o_no_subordinate_glue = 0 '\000', o_ctrlflag = '\000' <repeats 31 times>, o_controls = 0x0, o_authz = {sai_method = 0, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 0, bv_val = 0x0}, sai_ndn = {bv_len = 0, bv_val = 0x0}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, o_ber = 0x0, o_res_ber = 0x0, o_callback = 0x7f14efffe5a0, o_ctrls = 0x0, o_csn = {bv_len = 0, bv_val = 0x0}, o_private = 0x0, o_extra = {slh_first = 0x0}, o_next = {stqe_next = 0x0}} (gdb) p *soprev $5 = {s_next = 0x7f14b444cd30, s_base = {bv_len = 15, bv_val = 0x7f14e063fb20 "dc=ngdr,dc=ldap"}, s_eid = 4, s_op = 0x7f14e0260c70, s_rid = 4, s_sid = 2, s_filterstr = {bv_len = 15, bv_val = 0x7f14e0000b18 "\300\f"}, s_flags = 2, s_inuse = 1, s_res = 0x0, s_restail = 0x0, s_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}} (gdb) p op->o_hdr $6 = (Opheader *) 0x7f14efffe820 (gdb) p *op->o_hdr $7 = {oh_opid = 0, oh_connid = 15472, oh_conn = 0x7f15178fe390, oh_msgid = 0, oh_protocol = 0, oh_tid = 0, oh_threadctx = 0x0, oh_tmpmemctx = 0x0, oh_tmpmfuncs = 0x0, oh_counters = 0x0, oh_log_prefix = '\000' <repeats 255 times>} (gdb) p *op->o_hdr->oh_conn $8 = {c_struct_state = SLAP_C_USED, c_conn_state = SLAP_C_CLOSING, c_conn_idx = 298, c_sd = 298, c_close_reason = 0x538d20 <conn_lost_str> "connection lost", c_mutex = {__data = {__lock = 1, __count = 0, __owner = 30051, __nusers = 1, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = "\001\000\000\000\000\000\000\000cu\000\000\001", '\000' <repeats 26 times>, __align = 1}, c_sb = 0x7f14d43369e0, c_starttime = 1419822255, c_activitytime = 1419822255, c_connid = 15472, c_peer_domain = {bv_len = 7, bv_val = 0x7f14d495fdc0 "unknown"}, c_peer_name = { bv_len = 18, bv_val = 0x7f14d495be10 "IP=127.0.0.1:52784"}, c_listener = 0x231d210, c_sasl_bind_mech = {bv_len = 0, bv_val = 0x0}, c_sasl_dn = {bv_len = 0, bv_val = 0x0}, c_sasl_authz_dn = { bv_len = 0, bv_val = 0x0}, c_authz_backend = 0x2388eb0, c_authz_cookie = 0x0, c_authz = {sai_method = 128, sai_mech = {bv_len = 0, bv_val = 0x0}, sai_dn = {bv_len = 7, bv_val = 0x7f14a8adeef0 "dc=ldap"}, sai_ndn = {bv_len = 7, bv_val = 0x7f14a8c3e860 "dc=ldap"}, sai_ssf = 0, sai_transport_ssf = 0, sai_tls_ssf = 0, sai_sasl_ssf = 0}, c_protocol = 3, c_ops = { stqh_first = 0x7f14c13dfa50, stqh_last = 0x7f14c13dfbb8}, c_pending_ops = {stqh_first = 0x0, stqh_last = 0x7f15178fe4b8}, c_write1_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write1_cv = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align = 0}, c_write2_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, c_write2_cv = {__data = { __lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0}, __size = '\000' <repeats 47 times>, __align = 0}, c_currentber = 0x0, c_writers = 0, c_writing = 0 '\000', c_sasl_bind_in_progress = 0 '\000', c_writewaiter = 0 '\000', c_is_tls = 0 '\000', c_needs_tls_accept = 0 '\000', c_sasl_layers = 0 '\000', c_sasl_done = 0 '\000', c_sasl_authctx = 0x0, c_sasl_sockctx = 0x0, c_sasl_extra = 0x0, c_sasl_bindop = 0x0, c_pagedresults_state = {ps_be = 0x0, ps_size = 0, ps_count = 0, ps_cookie = 0, ps_cookieval = {bv_len = 0, bv_val = 0x0}}, c_n_ops_received = 3, c_n_ops_executing = 1, c_n_ops_pending = 0, c_n_ops_completed = 2, c_n_get = 3, c_n_read = 3, c_n_write = 0, c_extensions = 0x0, c_clientfunc = 0x0, c_clientarg = 0x0, c_send_ldap_result = 0x435340 <slap_send_ldap_result>, c_send_search_entry = 0x435d80 <slap_send_search_entry>, c_send_search_reference = 0x437270 <slap_send_search_reference>, c_send_ldap_extended = 0x435a50 <slap_send_ldap_extended>, c_send_ldap_intermediate = 0x435bf0 <slap_send_ldap_intermediate>}

1 0

(ITS#8012) SIGSEGV while disconnect/abandon
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

Full_Name: Leonid Yuriev Version: 2.4-HEAD OS: Ubuntu 14.10 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (31.130.36.33) with addition into main(): + mallopt(M_CHECK_ACTION, 7); + mallopt(M_PERTURB, 111); Core was generated by `/opt/openldap.devel/libexec/slapd -l LOCAL5 -d 32768 -s 0 -4 -h ldap://10.4.0.1'. Program terminated with signal 11, Segmentation fault. #0 0x000000000051025d in syncprov_op_abandon (op=0x7f14efffe970, rs=0x7f14efffe7b0) at syncprov.c:1134 1134 if ( so->s_op->o_connid == op->o_connid && (gdb) bt #0 0x000000000051025d in syncprov_op_abandon (op=7x7f14efffe970, rs=0x7f14efffe7b0) at syncprov.c:1134 #1 0x000000000048ae3a in overlay_op_walk (op=op@entry=0x7f14efffe970, rs=0x7f14efffe7b0, which=op_abandon, oi=0x23b3030, on=0x23b3210) at backover.c:661 #2 0x000000000048afd1 in over_op_func (op=0x7f14efffe970, rs=<optimised out>, which=<optimised out>) at backover.c:730 #3 0x0000000000442ea7 in fe_op_abandon (op=0x7f14efffe970, rs=0x7f14efffe7b0) at abandon.c:136 #4 0x0000000000422d3c in connection_abandon (c=c@entry=0x7f15178fe390) at connection.c:747 #5 0x0000000000424a09 in connection_closing (c=0x7f15178fe390, why=0x538d20 <conn_lost_str> "connection lost") at connection.c:820 #6 0x00000000004255ef in connection_read (cri=<optimised out>, s=<optimised out>) at connection.c:1476 #7 connection_read_thread (ctx=0x7f14efffebd0, argv=0x12a) at connection.c:1284 #8 0x00007f1517613cf2 in ldap_int_thread_pool_wrapper (xpool=0x233d090) at tpool.c:688 #9 0x00007f1516c930a5 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 coredump is available and additional info could be provided.

1 0

Re: (ITS#8011) few mistakes in lmdb-backend
by leo＠yuriev.ru 29 Dec '14

29 Dec '14

--e89a8f8389d11704db050b564d2b Content-Type: multipart/alternative; boundary=e89a8f8389d11704d5050b564d29 --e89a8f8389d11704d5050b564d29 Content-Type: text/plain; charset=UTF-8 Updated. Please pickup. Leonid. 2014-12-29 1:13 GMT+03:00 Howard Chu <hyc(a)symas.com>: > leo(a)yuriev.ru wrote: > >> @@ -1265,8 +1264,10 @@ static void *search_stack( Operation *op ) >> } >> >> if ( !ret ) { >> - ret = ch_malloc( mdb->mi_search_stack_depth * >> MDB_IDL_UM_SIZE >> - * sizeof( ID ) ); >> + size_t case_stack = mdb->mi_search_stack_depth * >> MDB_IDL_UM_SIZE * sizeof( ID ); >> + size_t case_sctmp = MDB_IDL_UM_SIZE * sizeof( ID2 ); >> + size_t size = (case_stack > case_sctmp) ? case_stack : >> case_sctmp; >> + ret = ch_malloc( size ); >> if ( op->o_threadctx ) { >> ldap_pvt_thread_pool_setkey( op->o_threadctx, >> (void *)search_stack, >> ret, search_stack_free, NULL, NULL ); >> >> > Unnecessary. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > --e89a8f8389d11704d5050b564d29 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Updated.<div>Please pickup.<div><br></div><div>Leonid.<br>= <div class=3D"gmail_extra"><br><div class=3D"gmail_quote">2014-12-29 1:13 G= MT+03:00 Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc@symas.com" = target=3D"_blank">hyc(a)symas.com</a>></span>:<br><blockquote class=3D"gma= il_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-lef= t:1ex"><a href=3D"mailto:leo@yuriev.ru" target=3D"_blank">leo(a)yuriev.ru</a>= wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> @@ -1265,8 +1264,10 @@ static void *search_stack( Operation *op )<br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br> <br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ( !ret ) {<br> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D ch_malloc( = mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE<br> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0* sizeof( ID ) );<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t case_stack = =3D mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE * sizeof( ID );<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t case_sctmp = =3D MDB_IDL_UM_SIZE * sizeof( ID2 );<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0size_t size =3D (ca= se_stack > case_sctmp) ? case_stack : case_sctmp;<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D ch_malloc( = size );<br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ( op->o_threa= dctx ) {<br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)search_= stack,<br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ret, search_stack_free, NULL, NULL )= ;<br> <br> </blockquote> <br> Unnecessary.<span class=3D"HOEnZb"><font color=3D"#888888"><br> <br> -- <br> =C2=A0 -- Howard Chu<br> =C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"= http://www.symas.com" target=3D"_blank">http://www.symas.com</a><br> =C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland= sun.com/hyc/" target=3D"_blank">http://highlandsun.com/hyc/</a><br> =C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p= roject/" target=3D"_blank">http://www.openldap.org/<u></u>project/</a><br> </font></span></blockquote></div><br></div></div></div></div> --e89a8f8389d11704d5050b564d29-- --e89a8f8389d11704db050b564d2b Content-Type: text/x-patch; charset=US-ASCII; name="its8011.patch" Content-Disposition: attachment; filename="its8011.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_i49k3q0m0 Y29tbWl0IDA1ODdiOTA0YWVhOWNkMmVjNjc2YWFjNzM2MDM0ODNiODA1ODE2ZTAKQXV0aG9yOiBM ZW8gWXVyaWV2IDxsZW9AeXVyaWV2LnJ1PgpEYXRlOiAgIDIwMTQtMTItMjggMjM6MTQ6NTIgKzAz MDAKCiAgICBJVFMjODAxMTogZmV3IGNvcnJlY3Rpb25zIGZvciBsbWRiLWJhY2tlbmQ7CiAgICAK ICAgICBkbjJpZC5jOgogICAgICAgKyBhc3NlcnRpb24gZm9yIG1kYl9pZDJsX2luc2VydCgpIHJl c3VsdDsKICAgICAgIC0gdW5uZWNlc3NhcnkgYXNzaWdubWVudDsKICAgIAogICAgIHNlYXJjaC5j OgogICAgICAgLSB1bnVzZWQgdmFyaWFibGUgJ2ZpcnN0JzsKICAgICAgICsgcmFuZ2UtY2hlY2sg Zm9yIG1kYl9pZGxfc2VhcmNoKCkgcmVzdWx0OwoKZGlmZiAtLWdpdCBhL3NlcnZlcnMvc2xhcGQv YmFjay1tZGIvZG4yaWQuYyBiL3NlcnZlcnMvc2xhcGQvYmFjay1tZGIvZG4yaWQuYwppbmRleCA0 MWM0NzU4Li4wODkwYmNlIDEwMDY0NAotLS0gYS9zZXJ2ZXJzL3NsYXBkL2JhY2stbWRiL2RuMmlk LmMKKysrIGIvc2VydmVycy9zbGFwZC9iYWNrLW1kYi9kbjJpZC5jCkBAIC03NDYsNyArNzQ2LDgg QEAgbWRiX2lkc2NvcGVzKAogCQkJLyogcmVtZW1iZXIgb3VyIGNoYWluIG9mIHBhcmVudHMgKi8K IAkJCWlkMi5taWQgPSBpZDsKIAkJCWlkMi5tdmFsID0gZGF0YTsKLQkJCW1kYl9pZDJsX2luc2Vy dCggaXNjLT5zY3RtcCwgJmlkMiApOworCQkJcmMgPSBtZGJfaWQybF9pbnNlcnQoIGlzYy0+c2N0 bXAsICZpZDIgKTsKKwkJCWFzc2VydChyYyA9PSAwKTsKIAkJfQogCQlwdHIgPSBkYXRhLm12X2Rh dGE7CiAJCXB0ciArPSBkYXRhLm12X3NpemUgLSBzaXplb2YoSUQpOwpAQCAtNzYwLDkgKzc2MSwx MSBAQCBtZGJfaWRzY29wZXMoCiAJCWlmICggeCA8PSBpc2MtPnNjb3Blc1swXS5taWQgJiYgaXNj LT5zY29wZXNbeF0ubWlkID09IGlkICkgewogCQkJaWYgKCAhaXNjLT5zY29wZXNbeF0ubXZhbC5t dl9kYXRhICkgewogCQkJCS8qIFRoaXMgbm9kZSBpcyBpbiBzY29wZSwgYWRkIHBhcmVudCBjaGFp biB0byBzY29wZSAqLwotCQkJCWludCBpID0gaXNjLT5zY3RtcFswXS5taWQ7Ci0JCQkJZm9yICgg aSA9IDE7IGkgPD0gaXNjLT5zY3RtcFswXS5taWQ7IGkrKyApCi0JCQkJCW1kYl9pZDJsX2luc2Vy dCggaXNjLT5zY29wZXMsICZpc2MtPnNjdG1wW2ldICk7CisJCQkJaW50IGk7CisJCQkJZm9yICgg aSA9IDE7IGkgPD0gaXNjLT5zY3RtcFswXS5taWQ7IGkrKyApIHsKKwkJCQkJcmMgPSBtZGJfaWQy bF9pbnNlcnQoIGlzYy0+c2NvcGVzLCAmaXNjLT5zY3RtcFtpXSApOworCQkJCQlhc3NlcnQocmMg PT0gMCk7CisJCQkJfQogCQkJCS8qIGNoZWNrIGlkIGFnYWluIHNpbmNlIGluc2VydHMgbWF5IGhh dmUgY2hhbmdlZCBpdHMgcG9zaXRpb24gKi8KIAkJCQlpZiAoIGlzYy0+c2NvcGVzW3hdLm1pZCAh PSBpZCApCiAJCQkJCXggPSBtZGJfaWQybF9zZWFyY2goIGlzYy0+c2NvcGVzLCBpZCApOwpkaWZm IC0tZ2l0IGEvc2VydmVycy9zbGFwZC9iYWNrLW1kYi9zZWFyY2guYyBiL3NlcnZlcnMvc2xhcGQv YmFjay1tZGIvc2VhcmNoLmMKaW5kZXggOTA4OTAxNi4uMTg1ZDlmMSAxMDA2NDQKLS0tIGEvc2Vy dmVycy9zbGFwZC9iYWNrLW1kYi9zZWFyY2guYworKysgYi9zZXJ2ZXJzL3NsYXBkL2JhY2stbWRi L3NlYXJjaC5jCkBAIC0xNDAsNyArMTQwLDYgQEAgc3RhdGljIGludCBzZWFyY2hfYWxpYXNlcygK IAlzdHJ1Y3QgYmVydmFsIGJ2X2FsaWFzID0gQkVSX0JWQyggImFsaWFzIiApOwogCUF0dHJpYnV0 ZUFzc2VydGlvbiBhYV9hbGlhcyA9IEFUVFJJQlVURUFTU0VSVElPTl9JTklUOwogCUZpbHRlcglh ZjsKLQlpbnQgZmlyc3QgPSAxOwogCiAJYWxpYXNlcyA9IHN0YWNrOwkvKiBJREwgb2YgYWxsIGFs aWFzZXMgaW4gdGhlIGRhdGFiYXNlICovCiAJY3Vyc2NvcCA9IGFsaWFzZXMgKyBNREJfSURMX0RC X1NJWkU7CS8qIEFsaWFzZXMgaW4gdGhlIGN1cnJlbnQgc2NvcGUgKi8KQEAgLTgwNyw3ICs4MDYs NyBAQCBsb29wX2JlZ2luOgogCQkJCQlzY29wZW9rID0gMTsKIAkJCX0gZWxzZSB7CiAJCQkJaSA9 IG1kYl9pZGxfc2VhcmNoKCBjYW5kaWRhdGVzLCBpZCApOwotCQkJCWlmICggY2FuZGlkYXRlc1tp XSA9PSBpZCApCisJCQkJaWYgKGkgPD0gY2FuZGlkYXRlc1swXSAmJiBjYW5kaWRhdGVzW2ldID09 IGlkICkKIAkJCQkJc2NvcGVvayA9IDE7CiAJCQl9CiAJCQlpZiAoIHNjb3Blb2sgKQo= --e89a8f8389d11704db050b564d2b--

1 0

Re: (ITS#8011) few mistakes in lmdb-backend
by hyc＠symas.com 28 Dec '14

28 Dec '14

leo(a)yuriev.ru wrote: > @@ -1265,8 +1264,10 @@ static void *search_stack( Operation *op ) > } > > if ( !ret ) { > - ret = ch_malloc( mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE > - * sizeof( ID ) ); > + size_t case_stack = mdb->mi_search_stack_depth * MDB_IDL_UM_SIZE * sizeof( ID ); > + size_t case_sctmp = MDB_IDL_UM_SIZE * sizeof( ID2 ); > + size_t size = (case_stack > case_sctmp) ? case_stack : case_sctmp; > + ret = ch_malloc( size ); > if ( op->o_threadctx ) { > ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)search_stack, > ret, search_stack_free, NULL, NULL ); > Unnecessary. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs December 2014