https://bugs.openldap.org/show_bug.cgi?id=7439
--- Comment #3 from Ondřej Kuzník ondra@mistotebe.net ---
Managed to repro with -DSLAP_NO_SL_MALLOC:
==317060== Thread 3:
==317060== Invalid free() / delete / delete[] / realloc()
==317060==    at 0x48399AB: free (vg_replace_malloc.c:538)
==317060==    by 0x48CAC24: ber_memfree_x (memory.c:152)
==317060==    by 0x4E0CFC: slap_sl_free (sl_malloc.c:499)
==317060==    by 0x4830D6: ava_free (ava.c:50)
==317060==    by 0x459DB4: filter_free_x (filter.c:554)
==317060==    by 0x52F9F92: rwm_int_filter_map_rewrite (rwmmap.c:772)
==317060==    by 0x52F8AAF: rwm_filter_map_rewrite (rwmmap.c:824)
==317060==    by 0x52EF17D: rwm_op_search (rwm.c:976)
==317060==    by 0x508D20: overlay_op_walk (backover.c:691)
==317060==    by 0x50BE40: over_op_func (backover.c:766)
==317060==    by 0x50B031: over_op_search (backover.c:796)
==317060==    by 0x5085B3: glue_sub_search (backglue.c:377)
==317060==    by 0x505407: glue_op_search (backglue.c:534)
==317060==    by 0x508D20: overlay_op_walk (backover.c:691)
==317060==    by 0x50BE40: over_op_func (backover.c:766)
==317060==    by 0x50B031: over_op_search (backover.c:796)
==317060==    by 0x4FD3D9: syncrepl_entry (syncrepl.c:4007)
==317060==    by 0x4F79C6: do_syncrep2 (syncrepl.c:1475)
==317060==    by 0x4EF8D4: do_syncrepl (syncrepl.c:2067)
==317060==    by 0x48A51FD: ldap_int_thread_pool_wrapper (tpool.c:1051)
==317060==  Address 0x5bef807 is 7 bytes inside a block of size 24 alloc'd
==317060==    at 0x483877F: malloc (vg_replace_malloc.c:307)
==317060==    by 0x48CAD9C: ber_memalloc_x (memory.c:228)
==317060==    by 0x48C4205: ber_get_stringbv (decode.c:519)
==317060==    by 0x48C53FB: ber_scanf (decode.c:827)
==317060==    by 0x4861B97: ldap_pvt_get_controls (controls.c:238)
==317060==    by 0x4877E4F: ldap_get_entry_controls (getentry.c:106)
==317060==    by 0x4F6A4A: do_syncrep2 (syncrepl.c:1284)
==317060==    by 0x4EF8D4: do_syncrepl (syncrepl.c:2067)
==317060==    by 0x48A51FD: ldap_int_thread_pool_wrapper (tpool.c:1051)
==317060==    by 0x4CCEEA6: start_thread (pthread_create.c:477)
==317060==    by 0x4DE5DEE: clone (clone.S:95)
Don't know if rwm should stop freeing parts of provided filters or syncrepl should allocate the avas. Probably the former...