openldap-bugs

openldap-bugs@openldap.org

1 participants
21242 discussions

[Issue 10493] New: change in 2.6.13 for ber_bvreplace_x introduces out of bounds reads
by openldap-its＠openldap.org 19 Apr '26

19 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=10493 Issue ID: 10493 Summary: change in 2.6.13 for ber_bvreplace_x introduces out of bounds reads Product: OpenLDAP Version: 2.6.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: dirk(a)dmllr.de Target Milestone: --- 2.6.13 includes the patch for "Fixed liblber ber_bvreplace_x potential NULL dereference" However, this now introduces OOB reads. If ber_memrealloc_x fails to allocate memory, the function executes AC_MEMCPY( dst->bv_val, src->bv_val, dst->bv_len + 1 ); Because `dst->bv_len` was not updated to `src->bv_len`, `AC_MEMCPY` copies exactly `dst->bv_len + 1` bytes from `src`. Since `src` is strictly larger than the old `dst->bv_len`, the byte copied into the final position (`dst->bv_val[dst->bv_len]`) will be the corresponding character from `src`, **not a null-terminator**. This leaves the `dst->bv_val` buffer without a null-terminator. Any subsequent string-based operations (like `strlen`, `printf`, or logging functions) acting on the `berval`'s `bv_val` will read out-of-bounds into adjacent heap memory until it randomly hits a null byte, leading to a heap buffer over-read (OOB Read) or information leak. Similarly, if the source buffer was not null-terminated and was precisely sized to its length, it reads 1 byte past the end of src->bv_val, which is an Out-of-Bounds Read that could lead to crashes or leaking adjacent memory. suggest to use this instead: if ( dst->bv_val != NULL ) { AC_MEMCPY( dst->bv_val, src->bv_val, dst->bv_len ); dst->bv_val[dst->bv_len] = '\0'; } -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10438] New: Potential Dereference of NULL in ber_bvreplace_x
by openldap-its＠openldap.org 19 Apr '26

19 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=10438 Issue ID: 10438 Summary: Potential Dereference of NULL in ber_bvreplace_x Product: OpenLDAP Version: 2.6.12 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: mishtitov(a)gmail.com Target Milestone: --- Return value of a function `ber_memrealloc_x` is dereferenced at [memory.c:711](https://git.openldap.org/openldap/openldap/-/blob/master/libr… withouth checking for NULL, but it is usually checked for this function. Notice that `ber_memrealloc_x()` might return NULL when `realloc()` fails. PLease consider adding a NULL check. -- You are receiving this mail because: You are on the CC list for the issue.

1 6

[Issue 8394] LMDB fails GCC5 without -fno-strict-aliasing
by openldap-its＠openldap.org 16 Apr '26

16 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=8394 --- Comment #4 from bdallen(a)nps.edu <bdallen(a)nps.edu> --- Here is the code I used which generates the core dump in round 2. It should complete 10 rounds then say "Done.": import pypicosdk as psdk def test(n): print(n, "checkpoint.a") scope = psdk.psospa() print(n, "checkpoint.b") scope.open_unit() print(n, "checkpoint.c") scope.close_unit() print(n, "checkpoint.d") if __name__ == "__main__": for i in range(1, 11): test(i) print("Done.") On 4/15/26 09:36, openldap-its(a)openldap.org wrote: > NPS WARNING: *external sender* verify before acting. > > > https://bugs.openldap.org/show_bug.cgi?id=8394 > > Howard Chu <hyc(a)openldap.org> changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > Status|UNCONFIRMED |RESOLVED > Resolution|--- |SUSPENDED > > --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- > No test case provided > > -- > You are receiving this mail because: > You reported the issue. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9619] New: mdb_env_copy2 with MDB_CP_COMPACT in mdb.master3 produces corrupt mdb file
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=9619 Issue ID: 9619 Summary: mdb_env_copy2 with MDB_CP_COMPACT in mdb.master3 produces corrupt mdb file Product: LMDB Version: 0.9.29 Hardware: All OS: Windows Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: kriszyp(a)gmail.com Target Milestone: --- When copying an LMDB database with mdb_env_copy2 with the MDB_CP_COMPACT with mdb.master3, the resulting mdb file seems to be corrupt and when using it in LMDB, I get segmentation faults. Copying without the compacting flag seems to work fine. I apologize, I know this is not a very good issue report, as I haven't had a chance to actually narrow this down to a more reproducible/isolated case, or look for how to patch. I thought I would report in case there are any ideas on what could cause this. The segmentation faults always seem to be memory write faults (as opposed to try fault on trying to read). Or perhaps the current backup/copying functionality is eventually going to be replaced by incremental backup/copying anyway (https://twitter.com/hyc_symas/status/1315651814096875520). I'll try to update this if I get a chance to investigate more, but otherwise feel free to ignore/consider low-priority since the work around is easy. -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 10346] New: mdb_env_copy2 on a database with a value larger than (2GB-16) results in a corrupt copy
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=10346 Issue ID: 10346 Summary: mdb_env_copy2 on a database with a value larger than (2GB-16) results in a corrupt copy Product: LMDB Version: 0.9.31 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: mike.moritz(a)vertex.link Target Milestone: --- Created attachment 1072 --> https://bugs.openldap.org/attachment.cgi?id=1072&action=edit reproduction source code Running mdb_env_copy2 with compaction on a database with a value larger than (2GB-16)bytes appears to complete successfully in that there are no errors, but the copied database cannot be opened and throws an MDB_CORRUPTED error. Looking at the copied database size, it appears that the value is either being skipped or significantly truncated. Running mdb_env_copy2 without compaction also completes successfully, and the copied database can be opened. I initially encountered this while using py-lmdb with v0.9.31 of LMDB, but was able to write up a simple script that uses the library directly. The source for the script is attached, and the results below are from running it with the latest from master. Without compaction: $ ./lmdb_repro test.lmdb $((2 * 1024 * 1024 * 1024 - 16 + 1)) testbak.lmdb LMDB Version: LMDB 0.9.70: (December 19, 2015) Set LMDB map size to 21474836330 bytes Successfully inserted key with 2147483633 bytes of zero-filled data Retrieved 2147483633 bytes of data First 16 bytes (hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... Copying database to testbak.lmdb... Database copy completed successfully. Opening copied database and reading value... Retrieved 2147483633 bytes of data from copied database First 16 bytes from copy (hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... Data size matches between original and copy With compaction: $ ./lmdb_repro -c test.lmdb $((2 * 1024 * 1024 * 1024 - 16 + 1)) testbak.lmdb LMDB Version: LMDB 0.9.70: (December 19, 2015) Set LMDB map size to 21474836330 bytes Successfully inserted key with 2147483633 bytes of zero-filled data Retrieved 2147483633 bytes of data First 16 bytes (hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... Copying database to testbak.lmdb (with compaction)... Database copy completed successfully. Opening copied database and reading value... mdb_get (copy) failed: MDB_CORRUPTED: Located page was wrong type Size difference on corrupt DB: $ du -sh ./* 312K ./lmdb_repro 24K ./testbak.lmdb 2.1G ./test.lmdb With compaction at the perceived max size: $ ./lmdb_repro -c test.lmdb $((2 * 1024 * 1024 * 1024 - 16)) testbak.lmdb LMDB Version: LMDB 0.9.70: (December 19, 2015) Set LMDB map size to 21474836320 bytes Successfully inserted key with 2147483632 bytes of zero-filled data Retrieved 2147483632 bytes of data First 16 bytes (hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... Copying database to testbak.lmdb (with compaction)... Database copy completed successfully. Opening copied database and reading value... Retrieved 2147483632 bytes of data from copied database First 16 bytes from copy (hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... Data size matches between original and copy -- You are receiving this mail because: You are on the CC list for the issue.

1 7

[Issue 8739] Better check for fsync on FreeBSD
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=8739 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |0.9.36 Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #3 from Howard Chu <hyc(a)openldap.org> --- Fixed in git -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8737] LMDB allows creation of multiple databases in same directory
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=8737 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |SUSPENDED Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 10296] New: Force a Mac OS full flush
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=10296 Issue ID: 10296 Summary: Force a Mac OS full flush Product: LMDB Version: unspecified Hardware: All OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: renault.cle(a)gmail.com Target Milestone: --- Created attachment 1045 --> https://bugs.openldap.org/attachment.cgi?id=1045&action=edit Use a F_FULLFSYNC fcntl when committing on Mac OS Hello Howard and Happy New Year, As discussed in this issue [1], the LMDB durability is incorrect when committing. I propose the following patch that uses fcntl with the F_FULLFSYNC flag. The fcntl documentation is on this page [2]. Note that I kept the calls to msync/fsync for simplicity and because they don't cost much but feel free to skip them on Mac OS. Have a nice day, kero [1]: https://github.com/cberner/redb/pull/928#issuecomment-2567032808 [2]: https://developer.apple.com/library/archive/documentation/System/Conceptual… -- You are receiving this mail because: You are on the CC list for the issue.

1 10

[Issue 10454] New: O_DSYNC is busted on macos
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=10454 Issue ID: 10454 Summary: O_DSYNC is busted on macos Product: LMDB Version: unspecified Hardware: All OS: Mac OS Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: pyry.kovanen(a)gmail.com Target Milestone: --- LMDB relies on O_DSYNC for writing the meta page, unfortunately it doesn't work on macos. Previous discovery by the tigerbeetle guys: https://github.com/tigerbeetle/viewstamped-replication-made-famous#leaderbo…, some more context at https://x.com/jorandirkgreef/status/1532314169604726784. I discovered this during benchmarking and was wondering why lmdb writes were twice as fast as macos as on linux. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 10402] New: Feature request: parameter for mdb_env_copy to exclude databases
by openldap-its＠openldap.org 15 Apr '26

15 Apr '26

https://bugs.openldap.org/show_bug.cgi?id=10402 Issue ID: 10402 Summary: Feature request: parameter for mdb_env_copy to exclude databases Product: LMDB Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: jeffro256(a)tutanota.com Target Milestone: --- ## Desired behavior New overload or API modification to `mdb_env_copy{...}()` which allows passing a list of names of databases to exclude from the environment copy. ## Example use-case The Monero blockchain database [1] has the option to derived a "pruned" database for space-saving purposes. This removes some ~60% of data which some users may find non-essential. Currently, the pruning code [2] copies each non-pruned table manually, specifying key ordering functions, DB flags, etc. It then drops some entries from the relevant "prunable tables". This, however, adds technical maintenance debt when databases are added/updated. A preferable alternative would be to write high-level modification code once and use an overload of `mdb_env_copy` which excludes copying database that we know in advance we don't want to copy. Then our pruning utility would work agnostic to database changes. ## Why Adding this functionality ourselves would involve re-writing large portions of `mdb_env_copyfd{0,1}` and `mdb_env_cwalk`, which requires either A) vendoring LMDB, or B) possibly breaking in future updates. You may understandably be of the opinion that the maintenance burden is an "us problem", and not deem pursuing this feature request worth it, but hopefully you seem the value in this utility. Thanks for y'alls hard work on LMDB. ## Links [1] https://github.com/monero-project/monero/blob/d32b5bfe18e2f5b979fa8dc3a8966… [2] https://github.com/monero-project/monero/blob/master/src/blockchain_utiliti… -- You are receiving this mail because: You are on the CC list for the issue.

1 5

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs