#47858 Internal range searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server
Closed: fixed 3 years ago Opened 5 years ago by mreynolds.

Internal range searches using OP_FLAG_REVERSE_CANDIDATE_ORDER, that do not find any entries, can crash the server in ldbm_search().

This crash can not be reproduced externally. It was discovered while working on ticket 47819 which added an internal range search using the reverse candidates flag.

git merge ticket47858
Updating 6d38125..e6cee31
ldap/servers/slapd/back-ldbm/ldbm_search.c | 2 +-

git push origin master
6d38125..e6cee31 master -> master

commit e6cee31
Author: Mark Reynolds mreynolds@redhat.com
Date: Mon Jul 14 10:47:52 2014 -0400

Hi Mark,

Is this bug introduced with #47767, where OP_FLAG_REVERSE_CANDIDATE_ORDER flag is newly defined?

Replying to [comment:4 nhosoi]:

Hi Mark,

Is this bug introduced with #47767, where OP_FLAG_REVERSE_CANDIDATE_ORDER flag is newly defined?

Yes it was. I only found the crash when I created an internal range search for ticket 47819. So there is no "real" regression at this point in time. As this was committed before ticket 47819 was - so no one is doing internal range searches (with reverse candidate ordering). The only way to verify this fix is to run the ticket47819_test.py script.

88aa59f..da318fa 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit da318fa

45dcda2..722117e 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 722117e12de543a3a66695e795e32f55435779ec

1dbf87a..7dc69db 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 7dc69db

The code looks good and has my ack. I want to confirm that "without" the patch this causes the crash 100% of the time, and that with the patch this test passes? If that is the case, ack and commit!

By Mark information, it is enough to check a tombstone purge operation, because during this the internal search with OP_FLAG_REVERSE_CANDIDATE_ORDER flag happens.

P.S. I've checked 6.9 with an old build (72), but no crash has happened. Maybe it is not 100% reproducible...

I've pushed it for now, because it is basic tombstone test suite functionality. We always can add more test cases.

To ssh://git.fedorahosted.org/git/389/ds.git
8cda4b1..c3a940c master -> master
commit c3a940c
Author: Simon Pichugin spichugi@redhat.com
Date: Wed Dec 14 11:17:05 2016 +0100

Metadata Update from @nhosoi:
- Issue assigned to mreynolds
- Issue set to the milestone:

3 years ago

Simon can this be closed?

Metadata Update from @mreynolds:
- Custom field reviewstatus reset
- Issue close_status updated to: None

3 years ago

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.