jwm@horde.net wrote:
Full_Name: John Morrissey
Version: 2.4.16
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:4978:194:0:21f:5bff:fee9:da92)

> Looking back through the call chain, do_syncrepl() sets op->o_tmpmemctx to NULL:
>
>     /* use global malloc for now */
>     op->o_tmpmemctx = NULL;
>     op->o_tmpmfuncs = &ch_mfuncs;

This should be removed.

> so generalizedTimeIndexer()'s call to slap_sl_malloc() falls back to ber_memalloc_x() due to the null ctx. If malloc() fails there, NULL is eventually returned to the original caller of slap_sl_malloc(), likely resulting in a segfault.

And slap_sl_malloc() should be changed in this case to assert() just like ch_malloc() does.

> All of the indexing routines seem to ignore slap_sl_malloc()'s return value, opening them up to this problem, too. Someone else will need to step in with a proper fix since I don't know much about slapd internals, but it seems that if these routines are being called with a deliberate null ctx, they should be checking for malloc failure. A cursory glance around back-bdb indicates that indexing function callers already handle failure return codes gracefully.
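The failure mode discussed in this thread, reduced to a self-contained C example. This is an added illustration, not OpenLDAP code: `sl_ctx`, `sl_malloc_x`, `index_values` and `global_alloc_fail` are hypothetical names that stand in for the slab context, slap_sl_malloc(), an indexer routine and a malloc() that can be made to fail. With a NULL context the allocator falls back to a global pool, exactly the path the report describes, and the indexer checks every returned pointer and propagates an error code instead of dereferencing NULL. The fallback can be toggled to return NULL so the failure path can be exercised without exhausting real memory.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not OpenLDAP's code): a tiny slab context. With a
 * non-NULL ctx, allocations are carved from ctx->buf; with a NULL ctx we
 * fall back to a "global" allocator, mirroring the slab/ber_memalloc_x split. */
typedef struct {
    char   buf[256];
    size_t used;
} sl_ctx;

/* Test hook: when set, the global fallback behaves like a failing malloc(). */
static int global_alloc_fail = 0;

static void *global_malloc(size_t n) {
    if (global_alloc_fail)
        return NULL;
    return malloc(n);
}

/* Hypothetical stand-in for slap_sl_malloc(): both paths may return NULL,
 * so callers must check. (The alternative raised in the thread would be to
 * assert() here on the fallback path, as ch_malloc() does.) */
static void *sl_malloc_x(size_t n, sl_ctx *ctx) {
    if (ctx == NULL)
        return global_malloc(n);
    if (ctx->used + n > sizeof ctx->buf)
        return NULL;                 /* slab exhausted */
    void *p = ctx->buf + ctx->used;
    ctx->used += n;
    return p;
}

/* Release keys built on the global path; slab allocations die with the ctx. */
static void free_keys(char **keys, int nkeys, sl_ctx *ctx) {
    if (ctx != NULL || keys == NULL)
        return;
    for (int i = 0; i < nkeys; i++)
        free(keys[i]);
    free(keys);
}

/* Hypothetical indexer: copies each value into a NULL-terminated key array.
 * Returns 0 on success and -1 on allocation failure, leaving *keys_out
 * untouched, instead of dereferencing a NULL pointer. */
static int index_values(const char **vals, int nvals, char ***keys_out, sl_ctx *ctx) {
    char **keys = sl_malloc_x(sizeof(char *) * (size_t)(nvals + 1), ctx);
    if (keys == NULL)
        return -1;
    for (int i = 0; i < nvals; i++) {
        size_t len = strlen(vals[i]) + 1;
        keys[i] = sl_malloc_x(len, ctx);
        if (keys[i] == NULL) {
            keys[i] = NULL;          /* keep the partial array consistent */
            free_keys(keys, i, ctx); /* unwind what we got so far */
            return -1;
        }
        memcpy(keys[i], vals[i], len);
    }
    keys[nvals] = NULL;
    *keys_out = keys;
    return 0;
}

/* Runs the four scenarios a reviewer would want covered and returns how many
 * behaved correctly (4 = all): global-path failure, global-path success,
 * slab success, slab exhaustion. */
static int check_failure_paths(void) {
    const char *vals[] = { "cn=foo", "cn=bar" };
    int ok = 0;
    char **keys;

    keys = NULL; global_alloc_fail = 1;
    if (index_values(vals, 2, &keys, NULL) == -1 && keys == NULL) ok++;

    keys = NULL; global_alloc_fail = 0;
    if (index_values(vals, 2, &keys, NULL) == 0 && keys && keys[2] == NULL &&
        strcmp(keys[1], "cn=bar") == 0) { ok++; free_keys(keys, 2, NULL); }

    sl_ctx ctx; memset(&ctx, 0, sizeof ctx);
    keys = NULL;
    if (index_values(vals, 2, &keys, &ctx) == 0 && keys &&
        strcmp(keys[0], "cn=foo") == 0) ok++;

    ctx.used = sizeof ctx.buf - 4;   /* too little room left for the array */
    keys = NULL;
    if (index_values(vals, 2, &keys, &ctx) == -1 && keys == NULL) ok++;

    return ok;
}

int main(void) {
    printf("%d of 4 allocation-failure scenarios handled\n", check_failure_paths());
    return 0;
}
```

The point of the example is the shape of `index_values`: every pointer coming back from the allocator is tested, a partial result is unwound, and the caller gets a return code it can act on, which is the behaviour the report says the back-bdb callers already expect.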