| Summary: | ns-slapd segfaults during execution of tickets/ticket47966_test.py | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Viktor Ashirov <vashirov> |
| Component: | 389-ds-base | Assignee: | mreynolds |
| Status: | CLOSED ERRATA | QA Contact: | Viktor Ashirov <vashirov> |
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | unspecified | ||
| Version: | 6.9 | CC: | mreynolds, nhosoi, nkinder, rmeggins, spichugi, tlavigne, wibrown |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 389-ds-base-1.2.11.15-86.el6 | Doc Type: | Bug Fix |
| Doc Text: |
Virtual list view-related problems have been fixed
Previously, when removing a virtual list view (VLV) index, the "dblayer_erase_index_file_nolock()" function was not called. Thus, the physical index file and the back pointer set to the *dblayer* handle were not removed. Consequently, Directory Server terminated unexpectedly. This fix updates the code and the "dblayer_erase_index_file_nolock()" function is now called when removing a VLV index.
In addition, the "vlv_init()" function previously could be called multiple times without unregistering VLV plug-in callbacks. As a consequence, Directory Server sometimes terminated unexpectedly. With this update, callbacks are now unregistered.
As a result, Directory Server no longer terminates unexpectedly in the described situations.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-03-21 10:24:02 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Fixed upstream. Hi Mark,
This is the patch I mentioned in the scrum. As seen in the ticket 48987, an invalid access was reported in the memory checker when a vlv operation (actually vlv index deletion) was made. The patch is small and looks safe. Could you please apply this one as well?
Ticket #48987 - Heap use after free in dblayer_close_indexes
Description: Once an attribute info is deleted, its backpointer
dblayer_handle_ai_backpointer in the dblayer handle needs to be
set to NULL not to access the address again. We also need to set
this to null from within the dblayer_close_indexes because there
is no guarantee on the order that we free the handle or the
attrinfo.
https://fedorahosted.org/389/ticket/48987
(In reply to Noriko Hosoi from comment #3) > Hi Mark, > > This is the patch I mentioned in the scrum. As seen in the ticket 48987, an > invalid access was reported in the memory checker when a vlv operation > (actually vlv index deletion) was made. The patch is small and looks safe. > Could you please apply this one as well? Thank you very much for recalling this one! It's now pushed. > > Ticket #48987 - Heap use after free in dblayer_close_indexes > (In reply to mreynolds from comment #4) > Thank you very much for recalling this one! It's now pushed. Thanks a lot, Mark!! [0 root@qeos-212 ds]# py.test -v dirsrvtests/tests/tickets/ticket47966_test.py ======================= test session starts ======================= platform linux2 -- Python 2.7.8, pytest-3.0.5, py-1.4.32, pluggy-0.4.0 -- /opt/rh/python27/root/usr/bin/python cachedir: .cache DS build: 1.2.11.15 B2017.010.016 389-ds-base: 1.2.11.15-86.el6 nss: 3.27.1-12.el6 nspr: 4.13.1-1.el6 openldap: 2.4.40-16.el6 svrcore: 4.0.4-5.1.el6 rootdir: /mnt/tests/rhds/tests/upstream/ds, inifile: plugins: html-1.13.0, cov-2.4.0, beakerlib-0.6 collected 1 items dirsrvtests/tests/tickets/ticket47966_test.py::test_ticket47966 PASSED ==================== 1 passed in 141.75 seconds ==================== Marking as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0667.html |
Description of problem: ns-slapd segfaults during execution of tickets/ticket47966_test.py Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-85.el6.x86_64 How reproducible: always Steps to Reproduce: 1. run tickets/ticket47966_test.py 2. 3. Actual results: Program received signal SIGSEGV, Segmentation fault. _int_malloc (av=0x7f5ba4234120, bytes=<value optimized out>) at malloc.c:4561 4561 fwd->bk = victim; (gdb) bt #0 _int_malloc (av=0x7f5ba4234120, bytes=<value optimized out>) at malloc.c:4561 #1 0x00007f5ba3f20aac in __libc_malloc (bytes=416) at malloc.c:3667 #2 0x00007f5ba6447ccb in slapi_ch_malloc (size=416) at ldap/servers/slapd/ch_malloc.c:155 #3 0x00007f5ba64872a4 in ber_special_alloc (flags=960) at ldap/servers/slapd/operation.c:151 #4 operation_new (flags=960) at ldap/servers/slapd/operation.c:186 #5 0x0000000000413942 in connection_make_new_pb (ppb=0x7ffc387a2018, conn=0x7f5b9448a150) at ldap/servers/slapd/connection.c:1748 #6 0x00000000004139c8 in connection_activity (conn=0x7f5b9448a150) at ldap/servers/slapd/connection.c:2431 #7 0x000000000041963c in handle_pr_read_ready (ports=0x7ffc387a25e0) at ldap/servers/slapd/daemon.c:2170 #8 slapd_daemon (ports=0x7ffc387a25e0) at ldap/servers/slapd/daemon.c:1357 #9 0x00000000004202a3 in main (argc=7, argv=0x7ffc387a2978) at ldap/servers/slapd/main.c:1265 Expected results: Additional info: