On Sat, Apr 18, 2015 at 10:47:57PM +0000, ryan@nardis.ca wrote:

Adding a new group containing a nonexistent member, or or a nonexistent member to an existing group, triggers the following AddressSanitizer splat. No error when adding a valid member, or with memberof disabled.

That part turned out to be my fault, actually:

#0 0xebdb1e in lutil_strncopy /home/ryan/pkg/openldap/openldap/libraries/liblutil/utils.c:317:2 #1 0xd10adb in mdb_dn2id /home/ryan/pkg/openldap/openldap/servers/slapd/back-mdb/dn2id.c:360:9

The nonexistent entry I was trying to add was outside the db suffix. Therefore nrlen in mdb_dn2id was wrong (in my specific case, negative) and things got worse from there.

Testing with a nonexistent entry under the correct suffix, there are no complaints from AddressSanitizer.

The buggy behaviour is still present, however: the member value is added despite returning a 'constraint violation' result.