Hide Forgot
Description of problem: ns-slapd segfaults during execution of tickets/ticket47966_test.py Version-Release number of selected component (if applicable): 389-ds-base-1.2.11.15-85.el6.x86_64 How reproducible: always Steps to Reproduce: 1. run tickets/ticket47966_test.py 2. 3. Actual results: Program received signal SIGSEGV, Segmentation fault. _int_malloc (av=0x7f5ba4234120, bytes=<value optimized out>) at malloc.c:4561 4561 fwd->bk = victim; (gdb) bt #0 _int_malloc (av=0x7f5ba4234120, bytes=<value optimized out>) at malloc.c:4561 #1 0x00007f5ba3f20aac in __libc_malloc (bytes=416) at malloc.c:3667 #2 0x00007f5ba6447ccb in slapi_ch_malloc (size=416) at ldap/servers/slapd/ch_malloc.c:155 #3 0x00007f5ba64872a4 in ber_special_alloc (flags=960) at ldap/servers/slapd/operation.c:151 #4 operation_new (flags=960) at ldap/servers/slapd/operation.c:186 #5 0x0000000000413942 in connection_make_new_pb (ppb=0x7ffc387a2018, conn=0x7f5b9448a150) at ldap/servers/slapd/connection.c:1748 #6 0x00000000004139c8 in connection_activity (conn=0x7f5b9448a150) at ldap/servers/slapd/connection.c:2431 #7 0x000000000041963c in handle_pr_read_ready (ports=0x7ffc387a25e0) at ldap/servers/slapd/daemon.c:2170 #8 slapd_daemon (ports=0x7ffc387a25e0) at ldap/servers/slapd/daemon.c:1357 #9 0x00000000004202a3 in main (argc=7, argv=0x7ffc387a2978) at ldap/servers/slapd/main.c:1265 Expected results: Additional info:
Fixed upstream.
Hi Mark, This is the patch I mentioned in the scrum. As seen in the ticket 48987, an invalid access was reported in the memory checker when a vlv operation (actually vlv index deletion) was made. The patch is small and looks safe. Could you please apply this one as well? Ticket #48987 - Heap use after free in dblayer_close_indexes Description: Once an attribute info is deleted, its backpointer dblayer_handle_ai_backpointer in the dblayer handle needs to be set to NULL not to access the address again. We also need to set this to null from within the dblayer_close_indexes because there is no guarantee on the order that we free the handle or the attrinfo. https://fedorahosted.org/389/ticket/48987
(In reply to Noriko Hosoi from comment #3) > Hi Mark, > > This is the patch I mentioned in the scrum. As seen in the ticket 48987, an > invalid access was reported in the memory checker when a vlv operation > (actually vlv index deletion) was made. The patch is small and looks safe. > Could you please apply this one as well? Thank you very much for recalling this one! It's now pushed. > > Ticket #48987 - Heap use after free in dblayer_close_indexes >
(In reply to mreynolds from comment #4) > Thank you very much for recalling this one! It's now pushed. Thanks a lot, Mark!!
[0 root@qeos-212 ds]# py.test -v dirsrvtests/tests/tickets/ticket47966_test.py ======================= test session starts ======================= platform linux2 -- Python 2.7.8, pytest-3.0.5, py-1.4.32, pluggy-0.4.0 -- /opt/rh/python27/root/usr/bin/python cachedir: .cache DS build: 1.2.11.15 B2017.010.016 389-ds-base: 1.2.11.15-86.el6 nss: 3.27.1-12.el6 nspr: 4.13.1-1.el6 openldap: 2.4.40-16.el6 svrcore: 4.0.4-5.1.el6 rootdir: /mnt/tests/rhds/tests/upstream/ds, inifile: plugins: html-1.13.0, cov-2.4.0, beakerlib-0.6 collected 1 items dirsrvtests/tests/tickets/ticket47966_test.py::test_ticket47966 PASSED ==================== 1 passed in 141.75 seconds ==================== Marking as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0667.html