On 03/18/2013 07:48 PM, Howard Chu wrote:
m.gr@gmx.de wrote:
Full_Name: Matthias Grau
Version: 2.4.34
OS: debian 6.7.0 x64
URL: ftp://ftp.openldap.org/incoming/matthias.grau.130318.bz2
Submission from: (NULL) (94.217.193.246)
slapd can cause a segfault when sorting values in a modify operation. Under rare circumstances modify.c:802: jstack += 2; can reach a value greater than 63, which leads to an overwritten pointer for AttributeDescription.
Thanks for the report.
Changing the size of istack from sizeof(int) * 16 to sizeof(int)*16 + 1 solves the segfault. But I don't think that's the correct solution. As shown here: http://theory.stanford.edu/~amitp/rants/c++-vs-c/test5.cc there should be a condition to break if jstack reaches the size of istack.
No. In a correct implementation, jstack can never exceed the size of istack. This was fixed in similar/identical code elsewhere, e.g. commit bb36bdcd1c22d1fbc6575452ef5c9112715ab083 and e1559100eb8e9a664cd68915e5acbf8caa334fa1 but for some reason we missed these other instances.
Fixed now in git master.
Thanks for your fast solution. Problem is solved in git master.
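The stack-depth question discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP's code: an explicit-stack quicksort that defers the larger partition and keeps working on the smaller one needs at most about 2*log2(n) stack slots, while deferring the smaller one on already-sorted input runs into the bounds check. The names `sort_bounded`, `run` and `STACK_SLOTS`, the Lomuto partition and the inputs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define STACK_SLOTS 128   /* 2 slots per pending range: 64 ranges cover any 64-bit n */

/* Sort a[0..n) with an explicit range stack. Returns the peak number of slots used,
 * or -1 when the stack is full. larger_first != 0 defers the larger partition. */
int sort_bounded(int *a, size_t n, int larger_first)
{
    size_t stack[STACK_SLOTS], lo = 0, hi = n, i, j;   /* ranges are half-open */
    int top = 0, peak = 0, pivot, t, defer_left;
    for (;;) {
        while (hi - lo > 1) {
            pivot = a[hi - 1];                          /* Lomuto partition */
            for (i = j = lo; j + 1 < hi; j++)
                if (a[j] < pivot) { t = a[i]; a[i] = a[j]; a[j] = t; i++; }
            t = a[i]; a[i] = a[hi - 1]; a[hi - 1] = t;  /* left=[lo,i) right=[i+1,hi) */
            defer_left = (i - lo) > (hi - i - 1);       /* is the left side larger? */
            if (!larger_first) defer_left = !defer_left;
            if (top + 2 > STACK_SLOTS) return -1;       /* never write past the stack */
            if (defer_left) { stack[top++] = lo; stack[top++] = i; lo = i + 1; }
            else { stack[top++] = i + 1; stack[top++] = hi; hi = i; }
            if (top > peak) peak = top;
        }
        if (top == 0) return peak;
        hi = stack[--top]; lo = stack[--top];
    }
}

/* Constructed input: ascending values (worst case for a last-element pivot) or
 * LCG pseudo-random values. Returns peak slots, -1 on full stack, -3 if unsorted. */
int run(size_t n, int ascending, int larger_first)
{
    static int buf[4096];
    unsigned x = 12345u;
    size_t k;
    int peak;
    if (n > 4096) return -2;
    for (k = 0; k < n; k++, x = x * 1103515245u + 12345u)
        buf[k] = ascending ? (int)k : (int)(x >> 16);
    peak = sort_bounded(buf, n, larger_first);
    for (k = 1; peak >= 0 && k < n; k++)
        if (buf[k - 1] > buf[k]) return -3;
    return peak;
}

int main(void)
{
    printf("larger deferred: %d, smaller deferred: %d\n", run(1000, 1, 1), run(1000, 1, 0));
    return 0;
}
```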