
assertion failure in ber_free_buf() of io.c (ITS#2655)



Full_Name: Victor A. Abell
Version: 2.1.21
OS: Solaris 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.210.177.112)


OpenLDAP 2.1.21 has crashed once in the four days since it was put into
production.  The crash occurred at an assert() at line 161 of the
ber_free_buf() function of the libraries/liblber/io.c translation unit.

The core file stack trace says:

Current function is ber_free_buf
  161           assert( LBER_VALID( ber ) );
(dbx 1) where
current thread: t@13
  [1] __sigprocmask(0x0, 0xfa001540, 0x0, 0x0, 0x0, 0x0), at 0xfef29ab8
  [2] _resetsig(0xfef2c340, 0x0, 0x0, 0xfa001d78, 0xfef3e000, 0x0), at 0xfef1e50c
  [3] _sigon(0xfa001d78, 0xfef45980, 0x6, 0xfa001614, 0xfa001d78, 0xfef9155d), at 0xfef1dcac
  [4] _thrp_kill(0x0, 0xd, 0x6, 0xfef3e000, 0xd, 0xff03c4a0), at 0xfef20cc0
  [5] raise(0x6, 0x0, 0x0, 0xffffffff, 0x1e6550, 0x0), at 0xfefcb190
  [6] abort(0xff03801c, 0xfa001768, 0x39, 0x7efefeff, 0x81010100, 0xff00), at 0xfefb57bc
  [7] _assert(0x1af5c8, 0x1af5dc, 0xa1, 0x1af5dc, 0x0, 0x1d3e48), at 0xfefb5a60
=>[8] ber_free_buf(ber = 0x2a23d0), line 161 in "io.c"
  [9] ber_free(ber = 0x2a23d0, freebuf = 1), line 187 in "io.c"
  [10] slap_op_free(op = 0x2a30b8), line 48 in "operation.c"
  [11] connection_operation(ctx = 0x2ac520, arg_v = 0x2a30b8), line 1060 in "connection.c"
  [12] ldap_int_thread_pool_wrapper(xpool = 0x1eb408), line 426 in "tpool.c"

The ber pointer used by ber_free_buf() dereferences to:

*ber = {
    ber_opts    = {
        lbo_valid    = 49
        lbo_options  = 5136U
        lbo_debug    = 0;
        lbo_meminuse = 2497312
    }
    ber_tag     = 119U
    ber_len     = 2848856U
    ber_usertag = 0
    ber_buf     = 0x2f8300 ""
    ber_ptr     = 0x2fd4bc ""
    ber_end     = 0x2fd4bc ""
    ber_sos     = (nil)
    ber_rwptr   = 0x2a23c8 ""
}

The ber_valid (ber->ber_opts.lbo_valid) value, 49, is clearly invalid.

I have discovered a similar issue report, but in a different io.c function,
in Incoming/2633.  It, too, applies to OpenLDAP 2.1.21 on Solaris 8.

Any suggestions on further core analysis, available patches, etc., would
be most welcome.

Vic Abell
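
A simplified model of the kind of validity-tag check that aborted in the trace above, as an added example that is not part of the original report and not OpenLDAP's code. The struct, the tag constants and every function name are hypothetical; the sketch reports the tag state instead of calling assert(), so a stale or overwritten element can be logged before the process dies.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tag values for this sketch, not copied from liblber. */
enum { TAG_UNINITIALIZED = 0x0, TAG_VALID_ELEMENT = 0x2 };

/* Stand-in for the element in the dump: a validity tag plus an owned buffer. */
struct elem {
    short valid;   /* plays the role of lbo_valid */
    char *buf;     /* plays the role of ber_buf */
};
enum diag { DIAG_OK, DIAG_NULL, DIAG_UNINITIALIZED, DIAG_OVERWRITTEN };

/* Classify the tag instead of aborting, so the caller can log the state. */
enum diag elem_check(const struct elem *e) {
    if (e == NULL) return DIAG_NULL;
    if (e->valid == TAG_VALID_ELEMENT) return DIAG_OK;
    /* Tag is zero: never set up, or already released. */
    if (e->valid == TAG_UNINITIALIZED) return DIAG_UNINITIALIZED;
    return DIAG_OVERWRITTEN; /* neither tag: something else wrote here */
}

struct elem *elem_new(size_t n) {
    struct elem *e = calloc(1, sizeof *e);
    if (e == NULL) return NULL;
    e->buf = calloc(1, n);
    if (e->buf == NULL) { free(e); return NULL; }
    e->valid = TAG_VALID_ELEMENT;
    return e;
}

/* Release the buffer only when the tag checks out, then reset the tag so a
 * second release of the same element is reported rather than repeated. */
enum diag elem_release_buf(struct elem *e) {
    enum diag d = elem_check(e);
    if (d != DIAG_OK) return d;
    free(e->buf);
    e->buf = NULL;
    e->valid = TAG_UNINITIALIZED;
    return DIAG_OK;
}

int main(void) {
    struct elem *e = elem_new(16);
    if (e == NULL) return 1;
    printf("first release:   %d\n", elem_release_buf(e));
    printf("second release:  %d\n", elem_release_buf(e));
    e->valid = 49; /* constructed: the lbo_valid value seen in the dump */
    printf("after overwrite: %d\n", elem_release_buf(e));
    free(e);
    return 0;
}
```

In this sketch a zero tag and a tag that matches neither constant are reported separately, because the first points at lifetime handling of the element and the second at some other write landing on its memory.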