#49432 crash in filter optimization
Closed: wontfix 6 years ago Opened 6 years ago by mreynolds.

Issue Description

Impacts 389-ds-base-1.4.0 only.

Doing a search using a filter like this crashes the server:

ldapsearch -b "dc=example,dc=com" "(&(uid=mreynolds)(&(sn=reynolds)(givenname=mark)))"

Thread 33 "ns-slapd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb0aaa4c700 (LWP 18924)]
0x00007fb0d11d3163 in filter_merge_subfilter (list=list@entry=0x564f894fcb20, f_cur=f_cur@entry=0x7fb0aaa46d68, f_next=f_next@entry=0x7fb0aaa46d70, f_prev=<optimized out>) at ldap/servers/slapd/filter.c:1568
1568        while (f_cur_tail->f_next != NULL) 

Thread 33 (Thread 0x7fb0aaa4c700 (LWP 18924)):
#0  0x00007fb0d11d3163 in filter_merge_subfilter (list=list@entry=0x564f894fcb20, f_cur=f_cur@entry=0x7fb0aaa46d68, f_next=f_next@entry=0x7fb0aaa46d70, f_prev=<optimized out>) at ldap/servers/slapd/filter.c:1568
        f_cur_tail = 0x0
#1  0x00007fb0d11d44ea in slapi_filter_optimise (f=f@entry=0x564f894fcb00) at ldap/servers/slapd/filter.c:1620
        f_prev = 0x0
        f_cur = 0x564f894fcd80
        f_next = 0x0
        f_op_head = 0x564f894fca80
        f_op_tail = 0x564f894fca80
#2  0x00007fb0d11d432e in slapi_filter_optimise (f=0x564f894fc900) at ldap/servers/slapd/filter.c:1696
#3  0x00007fb0c3dab7f9 in build_candidate_list (candidates=0x7fb0aaa46eb8, lookup_returned_allidsp=0x7fb0aaa46e90, scope=<optimized out>, base=0x564f898e9410 "cn=caacls,cn=ca,dc=greyoak,dc=com", e=<optimized out>, be=0x564f87a0fe10, pb=0x564f87bb3da0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:963
#4  0x00007fb0c3dab7f9 in ldbm_back_search (pb=0x564f87bb3da0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:612

Assigned to firstyear (as requested). I will also be creating a CI test script, which I will attach once completed.

Metadata Update from @mreynolds:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue assigned to firstyear
- Issue set to the milestone: 1.4 backlog

6 years ago
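The backtrace above stops at `while (f_cur_tail->f_next != NULL)` with `f_cur_tail = 0x0`: the optimiser is merging the nested `(&(sn=reynolds)(givenname=mark))` into its parent AND and walks a member list to find its tail without first checking that the list has a head. The following is an added illustration of that merge step with the guard in place; it is not 389-ds-base code and does not reproduce the project's actual fix. The node layout (`struct filt`, `f_choice`, `f_list`, `f_next`, `f_attr`), the helper names and the degenerate empty-AND input are all assumptions, chosen only to mirror the singly linked member list the backtrace exposes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified filter node (an assumption, not 389-ds's slapi_filter):
 * a tree of AND/OR nodes whose members form a singly linked list. */
enum f_choice { F_ITEM, F_AND, F_OR };
struct filt {
    enum f_choice f_choice;
    const char *f_attr;  /* F_ITEM: "attr=value" text */
    struct filt *f_list; /* F_AND/F_OR: head of member list, may be NULL */
    struct filt *f_next; /* next sibling in the enclosing list */
};

static struct filt *filt_item(const char *text) {
    struct filt *f = calloc(1, sizeof *f);
    f->f_choice = F_ITEM;
    f->f_attr = text;
    return f;
}

/* AND/OR node over n members, chained through f_next (n may be 0). */
static struct filt *filt_list(enum f_choice choice, struct filt **kids, size_t n) {
    struct filt *f = calloc(1, sizeof *f);
    f->f_choice = choice;
    for (size_t i = 0; i < n; i++)
        kids[i]->f_next = (i + 1 < n) ? kids[i + 1] : NULL;
    f->f_list = n ? kids[0] : NULL;
    return f;
}

/* Number of direct members of an AND/OR node. */
int filt_count(const struct filt *parent) {
    int n = 0;
    for (const struct filt *c = parent ? parent->f_list : NULL; c; c = c->f_next)
        n++;
    return n;
}

/* Splice the members of each nested AND into the enclosing AND, in place,
 * and return how many nested nodes were merged.  The head == NULL branch is
 * the point: the ticket's crash dereferenced a NULL tail while looking for
 * the end of a nested list, so an empty nested AND is unlinked, not walked.
 * Spliced members are re-examined, so deeper nesting flattens as well. */
int filt_flatten_and(struct filt *parent) {
    int merged = 0;
    if (parent == NULL || parent->f_choice != F_AND)
        return 0;
    struct filt *prev = NULL, *cur = parent->f_list;
    while (cur != NULL) {
        if (cur->f_choice != F_AND) {
            prev = cur;
            cur = cur->f_next;
            continue;
        }
        struct filt *next = cur->f_next;
        struct filt *head = cur->f_list;           /* NULL for an empty nested AND */
        struct filt *replace = head ? head : next;
        if (head != NULL) {
            struct filt *tail = head;
            while (tail->f_next != NULL)           /* safe: head checked above */
                tail = tail->f_next;
            tail->f_next = next;
        }
        if (prev != NULL)
            prev->f_next = replace;
        else
            parent->f_list = replace;
        free(cur);
        merged++;
        cur = replace;                             /* re-examine spliced members */
    }
    return merged;
}

/* The ticket's filter: (&(uid=mreynolds)(&(sn=reynolds)(givenname=mark))) */
struct filt *build_ticket_filter(void) {
    struct filt *inner[] = { filt_item("sn=reynolds"), filt_item("givenname=mark") };
    struct filt *outer[] = { filt_item("uid=mreynolds"), filt_list(F_AND, inner, 2) };
    return filt_list(F_AND, outer, 2);
}

/* Member count after flattening the ticket's filter: 3. */
int demo_ticket_filter(void) {
    struct filt *f = build_ticket_filter();
    filt_flatten_and(f);
    return filt_count(f);
}

/* Constructed degenerate input: a nested AND with no members must be
 * unlinked rather than walked.  Member count after flattening: 1. */
int demo_empty_nested_and(void) {
    struct filt *kids[] = { filt_item("uid=mreynolds"), filt_list(F_AND, NULL, 0) };
    struct filt *f = filt_list(F_AND, kids, 2);
    filt_flatten_and(f);
    return filt_count(f);
}

int main(void) {
    printf("ticket filter: %d members\n", demo_ticket_filter());
    printf("empty nested AND: %d members\n", demo_empty_nested_and());
    return 0;
}
```

Compiled with any C99 compiler, `main` flattens the ticket's filter from two members (`uid=mreynolds` plus a nested AND) to three plain items, and then shows the empty-nested-AND case, which is the shape that reaches a NULL tail pointer if the `head != NULL` check is absent. A CI test for this class of defect should feed both the ticket's filter and the degenerate form through the optimiser, ideally under AddressSanitizer as in the report above, since a NULL dereference on the zero page is exactly what ASan flagged here.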

Thanks mate. I'll roll this into the filter test suite and will debug this shortly.

=================================================================
==7847==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x7fd9c30513ec bp 0x7fd986de4bd0 sp 0x7fd986de4ba0 T41)
==7847==The signal is caused by a READ memory access.
==7847==Hint: address points to the zero page.
llvm-symbolizer: for the -functions option: Cannot find option named 'true'!
    #0 0x7fd9c30513eb in filter_merge_subfilter /home/william/development/389ds/ds/ldap/servers/slapd/filter.c:1568
    #1 0x7fd9c3051830 in slapi_filter_optimise ??:?
    #2 0x7fd9c3052207 in slapi_filter_optimise ??:?
    #3 0x7fd9b2ba9314 in build_candidate_list /home/william/development/389ds/ds/ldap/servers/slapd/back-ldbm/ldbm_search.c:963 (discriminator 1)
    #4 0x7fd9b2ba666b in ldbm_back_search ??:?
    #5 0x7fd9c30ce088 in op_shared_search /home/william/development/389ds/ds/ldap/servers/slapd/opshared.c:755
    #6 0x472a3f in do_search /home/william/development/389ds/ds/ldap/servers/slapd/search.c:332
    #7 0x4238b7 in connection_dispatch_operation /home/william/development/389ds/ds/ldap/servers/slapd/connection.c:648
    #8 0x429a71 in connection_threadmain connection.c:?
    #9 0x7fd9c091a0ea in PR_Select ??:?
    #10 0x7fd9c06d936c in start_thread pthread_create.c:?
    #11 0x7fd9bffb1bbe in __GI___clone :?

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/opt/dirsrv/lib/dirsrv/libslapd.so.0+0x1313eb)
Thread T41 created by T0 here:
    #0 0x7fd9c3737a2f in pthread_create ??:?
    #1 0x7fd9c0919dc9 in PR_Select ??:?

==7847==ABORTING

Investigating the root cause of this now.

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to review (was: None)

6 years ago
 38 passed in 9.16 seconds

Passes your test cases @mreynolds :)

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

Can you also attach my test script to your commit/push?

commit ba0ea20
commit 5c89dd8
To ssh://git@pagure.io/389-ds-base.git
2086d05..5c89dd8 master -> master

Metadata Update from @firstyear:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

1.3.7

855d78b (HEAD -> 389-ds-base-1.3.7, origin/389-ds-base-1.3.7) Ticket 49432 - filter optimise crash

1.3.8

d8d57c9 (HEAD -> 389-ds-base-1.3.8) Ticket 49432 - filter optimise crash

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2491

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago
