
slapd chokes on PROTOS test suite (ITS#2275)



Full_Name: Ralf Haferkamp
Version: 2.1.12, HEAD
OS: SuSE Linux 8.1
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.95.100.96)


I recently ran the PROTOS test suite:
    http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
against the latest stable release. Some test cases crashed the server.
The first test that failed was #1504 of c06-ldapv3-enc-r1.jar. The following patch
should fix the problem:

--- libraries/liblber/io.c      2003/01/20 08:21:58     1.1
+++ libraries/liblber/io.c      2003/01/20 08:59:08
@@ -492,6 +492,7 @@
                        unsigned char *p = (unsigned char *)ber->ber_ptr;
                        tag = *p++;
                        if ((tag & LBER_BIG_TAG_MASK) == LBER_BIG_TAG_MASK) {
+                               int i;
                                for (i=1; (char *)p<ber->ber_rwptr; i++,p++) {
                                        tag <<= 8;
                                        tag |= *p;
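
Review bot: the loop under the new `int i;` declaration is bounded, in the lines shown, only by `ber->ber_rwptr`, while `tag <<= 8; tag |= *p;` runs on every pass, so nothing visible here stops a long run of tag octets from shifting earlier bits out of `tag`. Please confirm that the part of the loop body below this context stops once `i` reaches `sizeof(tag)` or the tag ends, and add one. Also state in the change description whether this declaration shadows an outer `i` and why that stops the crash seen in test #1504, since the hunk alone does not show it.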

Other tests that still fail are at least #4829 and #5105. They seem to be
somehow related, because they both seem to fail in the recursive function
ber_get_stringbvr and result in similar backtraces (here from #5105):

Core was generated by `servers/slapd/slapd -d 1'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
[..]
#1  0x080edcc8 in ber_skip_tag (ber=Cannot access memory at address 0xbf400ff8
) at decode.c:110
#2  0x080edddc in ber_peek_tag (ber=0x81aca90, len=0xbf5ff968) at decode.c:173
#3  0x080ee04b in ber_get_stringbvr (b=0xbf5ff95c, n=43566) at decode.c:327
#4  0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=43565) at decode.c:381
#5  0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=43564) at decode.c:381
#6  0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=43563) at decode.c:381
#7  0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=43562) at decode.c:381
[..]
#43564 0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=5) at decode.c:381
#43565 0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=4) at decode.c:381
#43566 0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=3) at decode.c:381
#43567 0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=2) at decode.c:381
#43568 0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=1) at decode.c:381
#43569 0x080ee08d in ber_get_stringbvr (b=0xbf5ff95c, n=0) at decode.c:381
#43570 0x080eeb3f in ber_scanf (ber=0x81aca90, fmt=0x8131375 "M}}")
    at decode.c:769
#43571 0x0805c557 in do_search (conn=0x404b4b8c, op=0x81acac0) at search.c:164
#43572 0x0805b2ff in connection_operation (ctx=0xbf5ff968, arg_v=0x81acb48)
    at connection.c:948
#43573 0x080d0e61 in ldap_int_thread_pool_wrapper ()
#43574 0x402311b0 in pthread_start_thread () from /lib/libpthread.so.0

I haven't investigated this further yet. Any ideas what could be the problem?
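
The backtrace above has one `ber_get_stringbvr` frame per value of `n`, so stack depth grows with a count taken from the request. As an added example (not code from this message or from OpenLDAP, and not the project's fix), the C below counts the elements in a BER sequence body with a loop and a cap, assuming `n` tracks the elements decoded so far. `MAX_ELEMS`, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ELEMS 10000  /* hypothetical per-sequence cap, not an OpenLDAP setting */
/* Constructed samples: two OCTET STRINGs; one with a length past the buffer end. */
const uint8_t sample_ok[]    = { 0x04, 0x01, 'a', 0x04, 0x81, 0x02, 'b', 'c' };
const uint8_t sample_trunc[] = { 0x04, 0x05, 'a' };

/* Read the tag/length header at buf[*pos]; 0 on success, -1 if it does not fit. */
static int tlv_header(const uint8_t *buf, size_t len, size_t *pos, size_t *clen)
{
    size_t p = *pos, n;
    /* Reject a truncated header; multi-octet tags are not handled here. */
    if (len - p < 2 || (buf[p] & 0x1f) == 0x1f) return -1;
    n = buf[p + 1];
    p += 2;
    if (n & 0x80) {                 /* long form: low 7 bits = number of length octets */
        unsigned k = n & 0x7f;
        if (k == 0 || k > sizeof(size_t) || len - p < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | buf[p++];
    }
    if (n > len - p) return -1;     /* contents must lie inside the buffer */
    *pos = p; *clen = n;
    return 0;
}

/* Loop, not recursion: constant stack. Returns count, -1 malformed, -2 over cap. */
long count_elements(const uint8_t *buf, size_t len)
{
    size_t pos = 0, clen = 0;
    long n = 0;
    while (pos < len) {
        if (tlv_header(buf, len, &pos, &clen) != 0) return -1;
        pos += clen;
        if (++n > MAX_ELEMS) return -2;
    }
    return n;
}

/* Constructed stress input: k empty OCTET STRINGs (04 00), k <= 50000. */
long count_empty_strings(size_t k)
{
    static uint8_t big[2 * 50000];
    if (k > 50000) return -1;
    for (size_t i = 0; i < k; i++) { big[2 * i] = 0x04; big[2 * i + 1] = 0x00; }
    return count_elements(big, 2 * k);
}

int main(void) { printf("%ld\n", count_empty_strings(43570)); return 0; }
```

With the count known up front, a decoder can size its result array in one allocation and refuse oversized requests before any per-element work.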