Impacts 389-ds-base-1.4.0 only.
Doing a search using a filter like this crashes the server:
ldapsearch -b "dc=example,dc=com" "(&(uid=mreynolds)(&(sn=reynolds)(givenname=mark)))"
Thread 33 "ns-slapd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb0aaa4c700 (LWP 18924)]
0x00007fb0d11d3163 in filter_merge_subfilter (list=list@entry=0x564f894fcb20, f_cur=f_cur@entry=0x7fb0aaa46d68, f_next=f_next@entry=0x7fb0aaa46d70, f_prev=<optimized out>) at ldap/servers/slapd/filter.c:1568
1568 while (f_cur_tail->f_next != NULL)

Thread 33 (Thread 0x7fb0aaa4c700 (LWP 18924)):
#0 0x00007fb0d11d3163 in filter_merge_subfilter (list=list@entry=0x564f894fcb20, f_cur=f_cur@entry=0x7fb0aaa46d68, f_next=f_next@entry=0x7fb0aaa46d70, f_prev=<optimized out>) at ldap/servers/slapd/filter.c:1568
        f_cur_tail = 0x0
#1 0x00007fb0d11d44ea in slapi_filter_optimise (f=f@entry=0x564f894fcb00) at ldap/servers/slapd/filter.c:1620
        f_prev = 0x0
        f_cur = 0x564f894fcd80
        f_next = 0x0
        f_op_head = 0x564f894fca80
        f_op_tail = 0x564f894fca80
#2 0x00007fb0d11d432e in slapi_filter_optimise (f=0x564f894fc900) at ldap/servers/slapd/filter.c:1696
#3 0x00007fb0c3dab7f9 in build_candidate_list (candidates=0x7fb0aaa46eb8, lookup_returned_allidsp=0x7fb0aaa46e90, scope=<optimized out>, base=0x564f898e9410 "cn=caacls,cn=ca,dc=greyoak,dc=com", e=<optimized out>, be=0x564f87a0fe10, pb=0x564f87bb3da0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:963
#4 0x00007fb0c3dab7f9 in ldbm_back_search (pb=0x564f87bb3da0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:612
Assigned to firstyear (as requested). I will also be creating a CI test script, which I will attach once completed.
Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue assigned to firstyear
- Issue set to the milestone: 1.4 backlog
Here is the CI test script:
Attachment: 0001-Ticket-49432-Add-complex-fliter-CI-test.patch
Thanks mate. I'll roll this into the filter test suite and will debug this shortly.
=================================================================
==7847==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x7fd9c30513ec bp 0x7fd986de4bd0 sp 0x7fd986de4ba0 T41)
==7847==The signal is caused by a READ memory access.
==7847==Hint: address points to the zero page.
llvm-symbolizer: for the -functions option: Cannot find option named 'true'!
    #0 0x7fd9c30513eb in filter_merge_subfilter /home/william/development/389ds/ds/ldap/servers/slapd/filter.c:1568
    #1 0x7fd9c3051830 in slapi_filter_optimise ??:?
    #2 0x7fd9c3052207 in slapi_filter_optimise ??:?
    #3 0x7fd9b2ba9314 in build_candidate_list /home/william/development/389ds/ds/ldap/servers/slapd/back-ldbm/ldbm_search.c:963 (discriminator 1)
    #4 0x7fd9b2ba666b in ldbm_back_search ??:?
    #5 0x7fd9c30ce088 in op_shared_search /home/william/development/389ds/ds/ldap/servers/slapd/opshared.c:755
    #6 0x472a3f in do_search /home/william/development/389ds/ds/ldap/servers/slapd/search.c:332
    #7 0x4238b7 in connection_dispatch_operation /home/william/development/389ds/ds/ldap/servers/slapd/connection.c:648
    #8 0x429a71 in connection_threadmain connection.c:?
    #9 0x7fd9c091a0ea in PR_Select ??:?
    #10 0x7fd9c06d936c in start_thread pthread_create.c:?
    #11 0x7fd9bffb1bbe in __GI___clone :?

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/opt/dirsrv/lib/dirsrv/libslapd.so.0+0x1313eb)
Thread T41 created by T0 here:
    #0 0x7fd9c3737a2f in pthread_create ??:?
    #1 0x7fd9c0919dc9 in PR_Select ??:?

==7847==ABORTING
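Both traces stop at the tail walk `while (f_cur_tail->f_next != NULL)` with `f_cur_tail = 0x0`. The following is an added example, a simplified model written for this page and not 389-ds-base code or the attached fix: it flattens a nested AND into its parent and guards the tail walk against an empty child list. `struct filt`, `list_tail` and `flatten_and` are hypothetical names, and the input in `main` is constructed from the filter in the report.

```c
#include <stddef.h>

/* Hypothetical, simplified filter node; not 389-ds's struct slapi_filter. */
enum f_kind { F_AND, F_EQ };
struct filt {
    enum f_kind kind;
    const char *text;      /* e.g. "sn=reynolds" for F_EQ, NULL for F_AND */
    struct filt *children; /* head of the child list (F_AND only) */
    struct filt *next;     /* next sibling */
};

/* Last node of a sibling list, or NULL if the list is empty. Without the
 * head check, the walk below reads ->next through a NULL pointer. */
static struct filt *list_tail(struct filt *head) {
    if (head == NULL) return NULL;
    while (head->next != NULL) head = head->next;
    return head;
}

/* Flatten nested ANDs in place: (&(a)(&(b)(c))) becomes (&(a)(b)(c)).
 * Returns the number of nested ANDs merged; nodes are unlinked, not freed. */
int flatten_and(struct filt *f) {
    int merged = 0;
    if (f == NULL || f->kind != F_AND) return 0;
    struct filt **link = &f->children;
    while (*link != NULL) {
        struct filt *cur = *link;
        if (cur->kind != F_AND) { link = &cur->next; continue; }
        struct filt *tail = list_tail(cur->children);
        if (tail == NULL) {
            *link = cur->next;          /* empty nested AND: drop it */
        } else {
            tail->next = cur->next;     /* splice children into the parent */
            *link = cur->children;
        }
        cur->children = cur->next = NULL;
        merged++;                       /* *link is re-examined next pass */
    }
    return merged;
}

int main(void) {   /* constructed input: the filter from the report */
    struct filt gn = {F_EQ, "givenname=mark", NULL, NULL};
    struct filt sn = {F_EQ, "sn=reynolds", NULL, &gn};
    struct filt inner = {F_AND, NULL, &sn, NULL};
    struct filt uid = {F_EQ, "uid=mreynolds", NULL, &inner};
    struct filt outer = {F_AND, NULL, &uid, NULL};
    return (flatten_and(&outer) == 1 && uid.next == &sn) ? 0 : 1;
}
```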
Investigating the root cause of this now.
Attachment: 0001-Ticket-49432-filter-optimise-crash.patch
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to review (was: None)
38 passed in 9.16 seconds
Passes your test cases @mreynolds :)
Thanks, ack!
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to ack (was: review)
Can you also attach my test script to your commit/push?
Yes @mreynolds I was planning to :)
commit ba0ea20
commit 5c89dd8
To ssh://git@pagure.io/389-ds-base.git
   2086d05..5c89dd8  master -> master
Metadata Update from @firstyear:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
1.3.7
855d78b (HEAD -> 389-ds-base-1.3.7, origin/389-ds-base-1.3.7) Ticket 49432 - filter optimise crash
1.3.8
d8d57c9 (HEAD -> 389-ds-base-1.3.8) Ticket 49432 - filter optimise crash
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2491
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)