We've reproduced the crash and I have it in a crashed state in gdb right now.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1107294576 (LWP 32735)]
valsort_modify (op=0x2aabaeae0058, rs=0x41ffef10) at valsort.c:455
455 for (i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++) {
(gdb) bt
#0 valsort_modify (op=0x2aabaeae0058, rs=0x41ffef10) at valsort.c:455
#1 0x0000000000478a2a in overlay_op_walk (op=0x2aabaeae0058, rs=0x41ffef10, which=op_modify, oi=0x2b240a786518, on=0x2b240a786cd8) at backover.c:498
#2 0x0000000000478e65 in over_op_func (op=0x2aabaeae0058, rs=0x41ffef10, which=op_modify) at backover.c:560
#3 0x000000000043c962 in fe_op_modify (op=0x2aabaeae0058, rs=0x41ffef10) at modify.c:395
#4 0x000000000043d45a in do_modify (op=0x2aabaeae0058, rs=0x41ffef10) at modify.c:200
#5 0x0000000000427af9 in connection_operation (ctx=Variable "ctx" is not available. ) at connection.c:1133
#6 0x0000000000427fa4 in connection_read_thread (ctx=0x41fff060, argv=Variable "argv" is not available. ) at connection.c:1261
#7 0x00002b2408673894 in ldap_int_thread_pool_wrapper (xpool=0x2b2409d10058) at tpool.c:478
#8 0x00002b24083ad9af in startMeUp () from /usr/local/lib/libhoard.so
#9 0x00002b24090bfb55 in start_thread () from /lib/libpthread.so.0
#10 0x00002b24092a07f0 in clone () from /lib/libc.so.6
[...]
(gdb) frame 0
#0 valsort_modify (op=0x2aabaeae0058, rs=0x41ffef10) at valsort.c:455
455 for (i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++) {
(gdb) list
450 if ( ml->sml_desc == vi->vi_ad )
451 break;
452 }
453 if ( !ml )
454 continue;
455 for (i=0; !BER_BVISNULL( &ml->sml_values[i] ); i++) {
456 ptr = ber_bvchr(&ml->sml_values[i], '{' );
457 if ( !ptr ) {
458 Debug(LDAP_DEBUG_TRACE, "weight missing from attribute %s\n",
459 vi->vi_ad->ad_cname.bv_val, 0, 0);
(gdb) print *ml
$2 = {sml_mod = {sm_op = 1, sm_flags = 0, sm_desc = 0x2b2409a344d0, sm_type = { bv_len = 20, bv_val = 0x2aabaea1f8e9 "suorgcontactstanford"}, sm_values = 0x0, sm_nvalues = 0x0}, sml_next = 0x2aabaeaf4770}
(gdb) print i
No symbol "i" in current context.
(gdb) print ml->sml_mod.sm_values
$3 = 0x0
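The output above shows the cause: for this modification sm_op is 1 (LDAP_MOD_DELETE) and sm_values is 0x0, i.e. a delete that lists no values, so the loop at valsort.c:455 dereferences a NULL sml_values pointer. The check at line 453 only covers ml itself being NULL; nothing checks ml->sml_values before the loop. Since the backtrace enters through do_modify and fe_op_modify, this is reached by an ordinary client modify request and takes down slapd, so it is an availability problem and not just a local glitch.
I'll leave it running in gdb so that I can find additional information for you as needed.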