#619 Crash in MODRDN
Closed: wontfix None Opened 11 years ago by tbordaz.

Version: main (march 12th 2013)

Testcase: run BOB acceptance tests...but it may not be systematic

Priority: major unless it appears to be a dynamic issue (less chance to occur)

backtrace:

{{{
(gdb) where
#0  __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39
#1  0x000000370ea1250b in cvt_s (flags=0, prec=<optimized out>, width=<optimized out>, str=<optimized out>, ss=0x7f053ffec8c0) at ../../../mozilla/nsprpub/pr/src/io/prprf.c:370
#2  dosprintf (ss=ss@entry=0x7f053ffec8c0, fmt=0x7f055f66e135 "", fmt@entry=0x7f055f66e130 "%s,%s", ap=ap@entry=0x7f053ffec918) at ../../../mozilla/nsprpub/pr/src/io/prprf.c:998
#3  0x000000370ea12868 in PR_vsmprintf (fmt=fmt@entry=0x7f055f66e130 "%s,%s", ap=ap@entry=0x7f053ffec918) at ../../../mozilla/nsprpub/pr/src/io/prprf.c:1145
#4  0x00007f05630f32d3 in slapi_create_dn_string (fmt=fmt@entry=0x7f055f66e130 "%s,%s") at ldap/servers/slapd/dn.c:1092
#5  0x00007f055f658ada in acl_modified (pb=<optimized out>, optype=<optimized out>, e_sdn=0x7f04e4000f20, change=0x7f053ffeca90) at ldap/servers/plugins/acl/acl.c:1801
#6  0x00007f0563136391 in plugin_call_acl_mods_update (pb=pb@entry=0x1b08a60, optype=optype@entry=64) at ldap/servers/slapd/plugin_acl.c:192
#7  0x00007f0563125e31 in op_shared_rename (pb=pb@entry=0x1b08a60, passin_args=0) at ldap/servers/slapd/modrdn.c:672
#8  0x00007f0563126534 in do_modrdn (pb=0x1b08a60) at ldap/servers/slapd/modrdn.c:268
#9  0x0000000000416c98 in connection_dispatch_operation (pb=<optimized out>, op=0x1b09530, conn=0x7f0551fb1e10) at ldap/servers/slapd/connection.c:588
#10 connection_threadmain () at ldap/servers/slapd/connection.c:2338
#11 0x000000370ea28cf3 in _pt_root (arg=0x1ac7b30) at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:156
#12 0x00000035d7007d14 in start_thread (arg=0x7f053ffef700) at pthread_create.c:309
#13 0x00000035d6cf168d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
}}}

First analysis: The problem is that the set of changes provided to the acl_modified callback looks invalid. The pblock contains a valid newrdn but it is not clear for newsuperior or newsuperior_sdn. This bug is possibly related to bug fix https://fedorahosted.org/389/ticket/340

'''Here is the current status'''

  • This bug was introduced by https://fedorahosted.org/389/ticket/340 that used a local variable (mychange) that was unstacked at the time it was used

    commit 5beb93d

  • The bug was fixed Sept 24th by Coverity issue 13091

    commit d58ae20

  • I hit this issue on Fed17 after doing 'yum install -y 389-ds'. It installed 389-ds-base-1.2.11.19-1.fc17.x86_64

    • checking the various src versions. The status of that bug is

{{{
1.2.10 -> not fixed
1.2.11 -> not fixed (since 1.2.11.16)
1.3.0 -> fixed
master -> fixed
rhel6.4 -> fixed
rhel6.3 -> N/A
}}}

'''Here are the next steps'''

  • To confirm the impacted releases are only 1.2.10 and 1.2.11

  • This bug should be closed as duplicate of "coverity issue 13091"
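The bug class named in this ticket (a pointer to a block-scoped local, `mychange`, read after its scope has ended and then formatted with "%s,%s"), shown as an added example that is not the 389-ds code or its actual fix. `struct rename_change`, `build_new_dn`, `rename_buggy` and `rename_fixed` are hypothetical names, and the DNs are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the change set passed to the ACL callback. */
struct rename_change {
    const char *newrdn;
    const char *newsuperior;
};

/* Hypothetical callback: builds "<newrdn>,<newsuperior>" with "%s,%s",
 * the format seen in frame #4. Rejects incomplete input and truncation. */
int build_new_dn(const struct rename_change *c, char *out, size_t outlen)
{
    if (c == NULL || c->newrdn == NULL || c->newsuperior == NULL)
        return -1;
    int n = snprintf(out, outlen, "%s,%s", c->newrdn, c->newsuperior);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef SHOW_BUGGY
/* Buggy pattern: mychange dies at the closing brace of the if block, so
 * the callback reads a dangling pointer (undefined behaviour). */
int rename_buggy(const char *rdn, const char *sup, const char *parent,
                 char *out, size_t outlen)
{
    const struct rename_change *change = NULL;
    if (rdn != NULL) {
        struct rename_change mychange = { rdn, sup ? sup : parent };
        change = &mychange;
    }
    return build_new_dn(change, out, outlen);
}
#endif

/* Fixed pattern: the change set is declared in the scope that makes the
 * call, so it is still alive while the callback reads it. */
int rename_fixed(const char *rdn, const char *sup, const char *parent,
                 char *out, size_t outlen)
{
    struct rename_change mychange = { rdn, sup ? sup : parent };
    return build_new_dn(&mychange, out, outlen);
}

int main(void)
{
    char dn[128];
    /* Constructed sample DNs. */
    if (rename_fixed("cn=new", NULL, "ou=people,dc=example,dc=com", dn, sizeof dn) == 0)
        puts(dn);
    return 0;
}
```

Building with `-DSHOW_BUGGY -fsanitize=address -O0` and calling `rename_buggy` lets AddressSanitizer report the read as a stack-use-after-scope.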

Thierry, what is the status of this? I see this is checked into 1.3.0, 1.2.11, and 1.2.10. Do you know if this affects the "master" branch?

Hi Mark,

This bug was introduced with ticket 340. You fixed it on Sept 24th by Coverity issue 13091
commit d58ae20.

So it is fixed in main.

But the fix "Coverity issue 13091" was not backported in 1.2.10 and 1.2.11. So the crash condition still exists in those branches.

best regards
thierry

Thanks for the info Thierry!

{{{
git push origin 389-ds-base-1.2.11
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 3.31 KiB, done.
Total 6 (delta 3), reused 1 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
6a2b0b1..f6a6514 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
}}}

{{{
git push origin 389-ds-base-1.2.10
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 3.31 KiB, done.
Total 6 (delta 3), reused 1 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
194ed4c..caa580e 389-ds-base-1.2.10 -> 389-ds-base-1.2.10
}}}

Metadata Update from @nkinder:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.2.11.20

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/619

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
