(ITS#5148) Segmentation Fault - openldap-bugs

20 Sep 2007


      Full_Name: Russell Mosemann
Version: 2.3.38
OS: Linux 2.6.19.1
URL: 
Submission from: (NULL) (192.160.64.49)
Debian 3.1
bdb 4.6.19
OpenLDAP 2.3.38
configure --disable-ipv6 --without-cyrus-sasl --without-tls --enable-crypt \
--enable-wrappers --enable-hdb
gcc version 4.2.1 (Debian 4.2.1-3)
slapcat and slapadd function without errors when loading or exporting the
database. The following segmentation fault happens on the first query to slapd.
gdb slapd
(gdb) run -d 255
...
...
...
...
dnPrettyNormal: <qmailgid=306,ou=accounts,o=cune>
=> ldap_bv2dn(qmailgid=306,ou=accounts,o=cune,0)
<= ldap_bv2dn(qmailgid=306,ou=accounts,o=cune)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(qmailGID=306,ou=accounts,o=cune)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(qmailGID=306,ou=accounts,o=cune)=0
<<< dnPrettyNormal: <qmailGID=306,ou=accounts,o=cune>,
<qmailGID=306,ou=accounts
,o=cune>
do_bind: version=3 dn="qmailGID=306,ou=accounts,o=cune" method=128
==> hdb_bind: dn: qmailGID=306,ou=accounts,o=cune
bdb_dn2entry("qmailGID=306,ou=accounts,o=cune")
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1561621616 (LWP 27395)]
0xb7f0a471 in __lock_get_internal () from /usr/lib/libdb-4.6.so
(gdb) bt full
#0  0xb7f0a471 in __lock_get_internal () from /usr/lib/libdb-4.6.so
No symbol table info available.
#1  0xb7f0afaf in __lock_get () from /usr/lib/libdb-4.6.so
No symbol table info available.
#2  0xb7f3caf5 in __db_lget () from /usr/lib/libdb-4.6.so
No symbol table info available.
#3  0xb7eafc67 in __bam_get_root () from /usr/lib/libdb-4.6.so
No symbol table info available.
#4  0xb7eb003e in __bam_search () from /usr/lib/libdb-4.6.so
No symbol table info available.
#5  0xb7ea0b0a in __bamc_init () from /usr/lib/libdb-4.6.so
No symbol table info available.
#6  0xb7ea1b9e in __bamc_init () from /usr/lib/libdb-4.6.so
No symbol table info available.
#7  0xb7f2eb9d in __dbc_get () from /usr/lib/libdb-4.6.so
No symbol table info available.
#8  0xb7f37d6b in __dbc_get_pp () from /usr/lib/libdb-4.6.so
No symbol table info available.
#9  0x080f2332 in hdb_id2entry (be=0x8230d58, tid=0x0, locker=7, id=136227432,
    e=0xa2eb8018) at id2entry.c:125
        bdb = <value optimized out>
        db = (DB *) 0x0
        key = {data = 0xa2eb7f74, size = 4, ulen = 0, dlen = 0, doff = 0,
  app_data = 0x0, flags = 4}
        data = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0,
  app_data = 0x0, flags = 8}
        cursor = (DBC *) 0xa333cabc
        bv = {bv_len = 136515576, bv_val = 0x1 <Address 0x1 out of bounds>}
        rc = -1208315332
        nid = 2517172224
#10 0x080ea2ba in hdb_cache_find_id (op=0x81ecc80, tid=0x0, id=2454,
    eip=0xa2eb8058, islocked=1, locker=7, lock=0xa2eb80a4) at cache.c:760
        bdb = (struct bdb_info *) 0x8230e60
        ep = (Entry *) 0x0
        rc = 0
        load = 1
        ei = {bei_parent = 0x0, bei_id = 2454, bei_lockpad = 0 '\0',
  bei_state = 0, bei_nrdn = {bv_len = 0, bv_val = 0x0}, bei_rdn = {bv_len = 0,
    bv_val = 0x0}, bei_modrdns = 0, bei_ckids = 0, bei_dkids = 0, bei_e = 0x0,
  bei_kids = 0x0, bei_kids_mutex = {__data = {__lock = 0, __count = 0,
      __owner = 0, __kind = 0, __nusers = 0, {__spins = 0, __list = {
          __next = 0x0}}}, __size = '\0' <repeats 23 times>, __align = 0},
  bei_lrunext = 0x0, bei_lruprev = 0x0}
#11 0x080ed857 in hdb_dn2entry (op=0x81ecc80, tid=0x0, dn=0x81ecc9c,
    e=0xa2eb80b8, matched=1, locker=7, lock=0xa2eb80a4) at dn2entry.c:68
        ei = (EntryInfo *) 0x81ed428
        rc = 0
---Type <return> to continue, or q <return> to quit---
        rc2 = <value optimized out>
#12 0x080e821f in hdb_bind (op=0x81ecc80, rs=0xa2eb81c4) at bind.c:68
        e = <value optimized out>
        a = <value optimized out>
        ei = <value optimized out>
        password = (AttributeDescription *) 0x81c88d8
        locker = 7
        lock = {off = 134060, ndx = 905, gen = 13, mode = DB_LOCK_WRITE}
        __PRETTY_FUNCTION__ = "hdb_bind"
#13 0x08078cf9 in fe_op_bind (op=0x81ecc80, rs=0xa2eb81c4) at bind.c:405
        mech = {bv_len = 6, bv_val = 0x813b828 "SIMPLE"}
        bd = (BackendDB *) 0x818cee0
#14 0x08079ab1 in do_bind (op=0x81ecc80, rs=0xa2eb81c4) at bind.c:200
        ber = (BerElement *) 0x81ebd70
        version = 3
        method = 128
        mech = {bv_len = 0, bv_val = 0x0}
        dn = {bv_len = 31,
  bv_val = 0x81ecc42 "qmailgid=306,ou=accounts,o=cune"}
        tag = <value optimized out>
        be = (Backend *) 0x0
#15 0x0805de3d in connection_operation (ctx=0xa2eb8248, arg_v=0x81ecc80)
    at connection.c:1133
        curelm = <value optimized out>
        rc = <value optimized out>
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0,
  sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {
    sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0,
      r_rspdata = 0x0}, sru_search = {r_entry = 0x0, r_attr_flags = 0,
      r_operational_attrs = 0x0, r_attrs = 0x0, r_nentries = 0,
      r_v2ref = 0x0}}, sr_flags = 0}
        tag = 96
        opidx = SLAP_OP_BIND
        conn = (Connection *) 0xa32b9f80
        memctx = (void *) 0x81ece78
        memctx_null = (void *) 0x0
        __PRETTY_FUNCTION__ = "connection_operation"
#16 0x08110662 in ldap_int_thread_pool_wrapper (xpool=0x81c9c28) at tpool.c:478
        ctx = (ldap_int_thread_ctx_t *) 0x81ec650
        ltc_key = {{ltk_key = 0x80a2830, ltk_data = 0x81ece78,
    ltk_free = 0x80a23a0 <slap_sl_mem_destroy>}, {ltk_key = 0x81eaa68,
    ltk_data = 0x7, ltk_free = 0x80e8be0 <bdb_locker_id_free>}, {
    ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 30 times>}
        tid = 2733345680
        i = 680
        hash = <value optimized out>
#17 0xb7e212d3 in start_thread () from /lib/libpthread.so.0
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#18 0xb7da72fe in clone () from /lib/libc.so.6
No symbol table info available.