Bug 231507
Summary: | rhds72 Modification of directory entries with VLV-indexed null-value attributes results in server crash | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Directory Server | Reporter: | Marco Rhodes <mrhodes> | ||||||
Component: | Database - Indexes/Searches | Assignee: | Rich Megginson <rmeggins> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Viktor Ashirov <vashirov> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 7.2 | CC: | nhosoi | ||||||
Target Milestone: | DS8.0 | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2016-05-06 14:41:04 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 152373, 159328, 240316 | ||||||||
Attachments: |
|
Description
Marco Rhodes
2007-03-08 19:27:27 UTC
Created attachment 149634 [details]
diffs
Your fix looks good. Created attachment 150065 [details]
cvs commit log
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
File: ldapserver/ldap/servers/slapd/back-ldbm/vlv.c
Fix Description: The value lowest_value is defined outside the loop that loops
through all the attributes in the vlv sort specification (e.g. usually
something like cn givenname o ou sn if defined by the console browsing index).
lowest_value is not reset for each loop iteration. So if it goes through the
loop one time for e.g. givenname, and givenname has values, lowest_value will
point to the lowest value of givenname until the key is created, then it is
freed. So the next loop iteration uses o, and if for example o does not have
any values, lowest_value will point to the already freed memory used by the
givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be
very large, which is the probably cause of the malloc out of memory errors seen
by the customer). The solution is to reset lowest_value to NULL before each
loop iteration (I did this by moving the declaration and initialization of
lowest_value inside the loop scope) and testing for lowest_value == NULL before
trying to use it.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Commited fix to HEAD. Checking in vlv.c; /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v <-- vlv.c new revision: 1.13; previous revision: 1.12 done DS7.2 is not a valid milestone anymore. Anything thats set to DS7.2 should be set to DS8.0. Will make further changes per bug council on 07/24/2007, after this. |