Full_Name: Luca BRUNO
Version: 2.4.40
OS: Debian
URL:
Submission from: (NULL) (217.110.53.72)
Hi,
slapd 2.4.40 realiably crashes when modifying the 0th olcAttributeTypes element
in a olcSchemaConfig object.
This is a stacktrace captured when trying to change the "DESC" field of the
"gecos" attribute in the "nis" schema (this is just an easier/dumb reproducer,
the crash was first seen in production with a custom schema).
Short stacktrace first:
"""
#0 0x00007f804d028d78 in at_next (at=at@entry=0x7f8040842318) at
../../../../servers/slapd/at.c:368
#1 0x00007f804cfd1a2a in config_generic (c=0x7f8040845650) at
../../../../servers/slapd/bconfig.c:1686
#2 0x00007f804cfd7a4b in config_set_vals (Conf=0x7f804d2d4ca0,
c=0x7f8040845650) at ../../../../servers/slapd/config.c:353
#3 0x00007f804cfd846d in config_parse_add (ct=ct@entry=0x7f804d2d4ca0,
c=c@entry=0x7f8040845650, valx=<optimized out>)
at ../../../../servers/slapd/config.c:697
#4 0x00007f804cfcb977 in config_modify_add (ct=ct@entry=0x7f804d2d4ca0,
ca=ca@entry=0x7f8040845650, i=i@entry=0,
ad=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at
../../../../servers/slapd/bconfig.c:5504
#5 0x00007f804cfcc86d in config_modify_internal (ca=0x7f8040845650,
rs=0x7f8040847a50, op=0x7f804d2d9fc0, ce=<optimized out>)
at ../../../../servers/slapd/bconfig.c:5761
#6 config_back_modify (op=0x7f804d2d9fc0, rs=0x7f8040847a50) at
../../../../servers/slapd/bconfig.c:5906
#7 0x00007f804cffa7f9 in fe_op_modify (op=0x7f80380008b0, rs=0x7f8040847a50) at
../../%2/../servers/slapd/modify.c:303
#8 0x00007f804cffc6bd in do_modify (op=0x7f80380008b0, rs=0x7f8040847a50) at
../../../../servers/slapd/modify.c:177
#9 0x00007f804cfe2d81 in connection_operation (ctx=ctx@entry=0x7f8040847ba0,
arg_v=arg_v@entry=0x7f80380008b0)
at ../../../../servers/slapd/connection.c:1155
#10 0x00007f804cfe30a4 in connection_read_thread (ctx=0x7f8040847ba0,
argv=<optimized out>) at ../../../../servers/slapd/connection.c:1291
#11 0x00007f804cb43f83 in ldap_int_thread_pool_wrapper (opool=0x7f804dfedfd0) at
../../../../libraries/libldap_r/tpool.c:688
#12 0x00007f804af53b50 in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
#13 0x00007f804ac9d95d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#14 0x0000000000000000 in ?? ()222""
Detailed trace:
"""
#0 0x00007f804d028d78 in at_next (at=at@entry=0x7f8040842318) at
../../../../servers/slapd/at.c:368
__PRETTY_FUNCTION__ = "at_next"
#1 0x00007f804cfd1a2a in config_generic (c=0x7f8040845650) at
../../../../servers/slapd/bconfig.c:1686
%3= <optimized out>
at = 0x0
prev = 0x0
i = <optimized out>
__PRETTY_FUNCTION__ = "config_generic"
#2 0x00007f804cfd7a4b in config_set_vals (Conf=0x7f804d2d4ca0,
c=0x7f8040845650) at ../../../../servers/slapd/config.c:353
rc = <optimized out>
arg_type = <optimized out>
ptr = 0x0
#3 0x00007f804cfd846d in config_parse_add (ct=ct@entry=0x7f804d2d4ca0,
c=c@entry=0x7f8040845650, valx=<optimized out>)
at ../../../../servers/slapd/config.c:697
rc = 0
#4 0x00007f804cfcb977 in config_modify_add (ct=ct@entry=0x7f804d2d4ca0,
ca=ca@entry=0x7f8040845650, i=i@entry=0,
ad=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at
../../../../servers/slapd/bconfig.3A3A5504
rc = <optimized out>
#5 0x00007f804cfcc86d in config_modify_internal (ca=0x7f8040845650,
rs=0x7f8040847a50, op=0x7f804d2d9fc0, ce=<optimized out>)
at ../../../../servers/slapd/bconfig.c:5761
e = 0x7f804e00ae18
save_attrs = 0x7f804e01fa30
a = 0x7f804e40b858
colst = 0x7f804e07f120
i = <optimized out>
dels = 0x0
rc = <optimized out>
oc_at = <optimized out>
ct = 0x7f804d2d4ca0
nocs = 2
ptr = <optimized out>
s = <optimized out>
deltail = 0x7f8040846818
ml = <optimized out>
#6 config_back_modify (op=0x7f804d2d9fc0, rs=0x7f8040847a50) at
../../../../servers/slapd/bconfig.c:5906
cfb = 0x7f8040847a50
ce = <optimized out>
last = <optimized out>
ml = <optimized out>
ca = {argc = 18, argv = 0x7f804e99cfa0, argv_size = 513,
line = 0x7f804e058993 "( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The d
to the login shell' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", tline = 0x7f804e99a340 "(", fname
= 0x7f804d071961 "slapd", lineno = 0,
log = "olcAttributeTypes: value #0", '\000' <repeats 4096 times>,
reply = {err = 0, msg = '\000' <repeats 255 times>}, depth = 0, valx = 1,
values = {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_ber_t = 0,
v_string = 0x0, v_bv = {bv_len = 0, bv_val = 0x0}, v_dn = {vdn_dn = {
bv_len = 0, bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val =
0x0}}, v_ad = 0x0}, rvalue_vals = 0x0, rvalue_nvals = 0x0, op = 0, type = 25,
ca_op = 0x7f80380008b0, be = 0x7f804d2dbbe0, bi = 0x0, ca_entry =
0x7f804e00ae18, ca_private = 0x7f804e04f8e0, cleanup = 0, table = Cft_Schema}
rdn % % {bv_len = 2, bv_val = 0x7f804e081ef0
"cn={2}nis,cn=schema,cn=config"}
ptr = <optimized out>
rad = 0x7f804dfeada0
do_pause = <optimized out>
#7 0x00007f804cffa7f9 in fe_op_modify (op=0x7f80380008b0, rs=0x7f8040847a50) at
../../../../servers/slapd/modify.c:303
update = <optimized out>
repl_user = <optimized out>
op_be = <optimized out>
bd = 0x7f804d2dbbe0
textbuf = "\002\000\000\000\000\000\000\000\214\311\303J\200\177\000\000\260\370\231N\200\177\000\000\345\375\377L\200\177\000\000\320\001\000\000\000\000\000\000\240\255\201N\200\177\000\000
\342\375M\200\177\000\000b\366\231N\200\177\000\000\277\000\000\000\000\000\000\000\200șN\200\177\000\000\003\000\000\000\000\000\000\000`\366\231N\200\177\000\000\001\000\000\000\000\000\000\000a\366\231N\200\177\000\000\360h\204@\200\177\000\000\031\000\000\000\000\000\000\000\000\266\005N\200\177\000\000p%\377M\200\177",
'\000' <repeats 18 times>"\220,
\001\000P000\000\000\000\000ߵ\377L\200\177\000\000\020\017\000\070\200\177\000\000\020\025\000\070\200\177\000\000\340i\204@\200\177\000\000pz\204@\200\177\000\000\000\001\000\000\000\000\000\000\260\b\000\070\200\177\000\000\025\000\000\000\000\000\000\000m\210\377L\200\177\000\000\000\000\000\000\000\000\000\000\020\025\000\070\200\177\000"
#8 0x00007f804cffc6bd in do_modify (op=0x7f80380008b0, rs=0x7f8040847a50) at
../../../../servers/slapd/modify.c:177
dn = {bv_len = 29, bv_val = 0x7f804e99b569
"cn={2}nis,cn=schema,cn=config"}
textbuf = "olcAttributeTypes\000jectClass\000amp\000%F\217\067\260\264l\221c`=\bX\302J5\347\343\001\255\064\336\002!\036\322\326L\350\304'\245\234\026\016dJ'\315:\225\034\310f\245ӌuV.\234&F\233c\324\023'\022\236\236\370\"!C\307\065\246\067\363\302\373\021\205\207k\030\037\211d݉\213\213\226\243G\324\345R\323Ӹ\277Lo\270v\031ccEc\215\227\031\244?\222\245\037.\302\303tO\210\211\250\255\ayg\316w(\317U4\210\274\372LJ\246`]\250\230\000!N\372\305\376\365\220\222\264)\004J\353\305^m\325\366\372\361\060ӝ\203Sy\341\302\026M\333\027\252\002\370\234e\370M҅;k\275\266L\200\177\000\000\000\000\000\000\000\000\000\000\b\000\000\000\022\020\204M0S\201N\200\177\000\000\341ؒL\200\177\000"
tmp = 0x0
#9 0000007f804cfe8181 in connection_operation (ctx=ctx@entry=0x7f8040847ba0,
arg_v=arg_v@entry=0x7f80380008b0)
at ../../../../servers/slapd/connection.c:1155
rc = 80
cancel = <optimized out>
op = 0x7f80380008b0
rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0,
sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {
sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs =
0x0, r_attrs = 0x0, r_nentries = 0, r_v2ref 0x0x0}, sru_sasl = {
r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, r_rspdata =
0x0}}, sr_flags = 0}
tag = 102
opidx = SLAP_OP_MODIFY
conn = 0x7f804e11a250
memctx = 0x7f8038000f10
memctx_null = 0x0
memsiz = 1048576
__PRETTY_FUNCTION__ = "connection_operation"
#10 0x00007f804cfe30a4 in connection_read_thread (ctx=0x7f8040847ba0,
argv=<optimized out>) at ../../../../servers/slapd/connection.c:1291
rc = <optimized out>
cri = {op = 0x7f80380008b0, func = 0, arg = 0x0, ctx = <optimized out>,
nullop = <optimized out>}
s = <optimized out>
#11 0x00007f804cb43f83 in ldap_int_thread_pool_wrapper (xpool=0x7f804dfedfd0) at
../../../../libraries/libldap_r/tpool.ch688
pool = 0x7f804dfedfd0
task = 0x7f804e3ea890
work_list = <optimized out>
ctx = {ltu_id = 140188814968576, ltu_key = {{ltk_key = 0x7f804cfe0ec0,
ltk_data = 0x7f8038000e00,
ltk_free = 0x7f804cfe0f90 <conn_counter_destroy>}, {ltk_key =
0x7f804d03a760, ltk_data = 0x7f8038000f10,
ltk_free = 0x7f804d03a780 <slap_sl_mem_destroy>}, {ltk_key =
0x7f804cff6cb0, ltk_data = 0x0,
ltk_free = 0x7f804cff6c10 <slap_op_q_destroy>}, {ltk_key =
0x7f804e3e65d0, ltk_data = 0x7f804e81aab0,
ltk_free = 0x7f8047be4540 <bdb_reader_free>}, {ltk_key = 0x0,
ltk_data = 0x0, ltk_free = 0} <repeats 28 times>}}
kctx = <optimized out>
keyslot = <optimized out>
hash = <optimized out>
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#12 0x00007f804af53b50 in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#13 0x00007f804ac9d95d in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#14 0x0000000000000000 in ?? ()
No symbol table info available.
"""