[Arthur de Jong]
> I noticed from the valgrind output you're using etch's Glibc. Are
> you also using OpenLDAP from etch?

This is still against an AD LDAP server.

> How do you produce the binary (compiler, compiler flags, etc) (I
> would recommend passing --enable-debug to configure, no optimisation
> flags)? Anything else out of the ordinary?

I build using 'DEB_BUILD_OPTIONS=nostrip debuild'. :)

> Which architecture are you using?

It is i386.

> Also installing libc6-dbg should give a little more debugging
> information.

Good idea.  Done.

> This is really strange, because it is when doing a hostname resolution
> (probably for the name of the LDAP server). It should be outside the
> scope of nslcd and before any real LDAP operations take place.

I included the entire output that time, and it also included stuff
before any LDAP operations.

> Could you also include the output of nslcd in the log and some
> information about which commands were run to trigger the crash?

Will try, but it isn't too easy as there are 15000 lines of output. :)

> Are you sure you're using r671? That revision does not include a
> strlen() call on line 237 (r634 does btw).

Nope.  You are right.  I messed up this test, and used an old version.

> I have found a bug in the group code that would incorrectly handle
> invalid DN values. Attached is a fix for this bug
> (nss-ldapd-groups-invalid-dn.patch) which is also committed as r672.
> 
> If this fixes the problem I would like to know what kind of DN was
> passed that it couldn't be parsed or looked up correctly. Attached is a
> patch (nss-ldapd-dn2uid-logging.patch) that should log all dn2uid()
> calls. Could you try that also?

It did not solve the problem.  Still crashing.  Here is the complete
valgrind output:

==32115== Memcheck, a memory error detector.
==32115== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==32115== Using LibVEX rev 1658, a library for dynamic binary translation.
==32115== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==32115== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==32115== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==32115== For more details, rerun with: -v
==32115==
==32115== My PID = 32115, parent PID = 16983.  Prog and args are:
==32115==    nslcd
==32115==    -d
==32115==
==32116== Thread 2:
==32116== Conditional jump or move depends on uninitialised value(s)
==32116==    at 0x40920CC: __pthread_manager (manager.c:128)
==32116==    by 0x41987F9: clone (clone.S:119)
==32116==
==32116== Syscall param clone(child_tidptr) contains uninitialised byte(s)
==32116==    at 0x41987EC: clone (clone.S:100)
==32116==    by 0x41987F9: clone (clone.S:119)
==32121==
==32121== Thread 4:
==32121== Conditional jump or move depends on uninitialised value(s)
==32121==    at 0x401E20B: strlen (mc_replace_strmem.c:246)
==32121==    by 0x8050E6A: write_group (group.c:248)
==32121==    by 0x8051171: nslcd_group_all (group.c:371)
==32121==    by 0x804ADC1: worker (nslcd.c:379)
==32121==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32121==    by 0x41987F9: clone (clone.S:119)
==32121==
==32121== Conditional jump or move depends on uninitialised value(s)
==32121==    at 0x8051011: write_group (group.c:154)
==32121==    by 0x8051171: nslcd_group_all (group.c:371)
==32121==    by 0x804ADC1: worker (nslcd.c:379)
==32121==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32121==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Thread 7:
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E215: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050E6A: write_group (group.c:248)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x8050C00: write_group (group.c:167)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Invalid read of size 1
==32125==    at 0x401E211: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050E6A: write_group (group.c:248)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x6DFA12B is 0 bytes after a block of size 203 alloc'd
==32125==    at 0x401D487: realloc (vg_replace_malloc.c:306)
==32125==    by 0x8050E12: write_group (group.c:226)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Invalid read of size 1
==32125==    at 0x401E208: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050E6A: write_group (group.c:248)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x6DFA141 is not stack'd, malloc'd or (recently) free'd
==32125==
==32125== Invalid write of size 1
==32125==    at 0x401E9A0: strcpy (mc_replace_strmem.c:272)
==32125==    by 0x80543D4: dn2uid (passwd.c:156)
==32125==    by 0x8050E60: write_group (group.c:247)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x6DFA142 is not stack'd, malloc'd or (recently) free'd
==32125==
==32125== Invalid write of size 1
==32125==    at 0x401E9A9: strcpy (mc_replace_strmem.c:272)
==32125==    by 0x80543D4: dn2uid (passwd.c:156)
==32125==    by 0x8050E60: write_group (group.c:247)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x6DFA144 is not stack'd, malloc'd or (recently) free'd
==32125==
==32125== Invalid write of size 1
==32125==    at 0x401E9AD: strcpy (mc_replace_strmem.c:272)
==32125==    by 0x80543D4: dn2uid (passwd.c:156)
==32125==    by 0x8050E60: write_group (group.c:247)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x6DFA14A is not stack'd, malloc'd or (recently) free'd
==32125==
==32125== Invalid write of size 1
==32125==    at 0x8050FD9: write_group (group.c:258)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x6DFA196 is not stack'd, malloc'd or (recently) free'd
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E20B: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8051007: write_group (group.c:154)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E215: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8051007: write_group (group.c:154)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E20B: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050C09: write_group (group.c:168)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E215: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050C09: write_group (group.c:168)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E20B: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050BF6: write_group (group.c:167)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Conditional jump or move depends on uninitialised value(s)
==32125==    at 0x401E215: strlen (mc_replace_strmem.c:246)
==32125==    by 0x8050BF6: write_group (group.c:167)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==
==32125== Syscall param write(buf) points to uninitialised byte(s)
==32125==    at 0x40979DB: write (in /usr/lib/debug/libpthread-0.10.so)
==32125==    by 0x805795A: tio_write (tio.c:390)
==32125==    by 0x8050B09: write_group (group.c:161)
==32125==    by 0x8051171: nslcd_group_all (group.c:371)
==32125==    by 0x804ADC1: worker (nslcd.c:379)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)
==32125==  Address 0x7129F5D is 53 bytes inside a block of size 64 alloc'd
==32125==    at 0x401D38B: malloc (vg_replace_malloc.c:149)
==32125==    by 0x805763E: tio_fdopen (tio.c:151)
==32125==    by 0x804A9B2: worker (nslcd.c:354)
==32125==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32125==    by 0x41987F9: clone (clone.S:119)

valgrind: m_mallocfree.c:194 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 256, hi = 875716974.
Probably caused by overrunning/underrunning a heap block's bounds.

==32120==    at 0x38016993: report_and_quit (m_libcassert.c:136)
==32120==    by 0x38016CBF: vgPlain_assert_fail (m_libcassert.c:200)
==32120==    by 0x3802049E: vgPlain_arena_free (m_mallocfree.c:191)
==32120==    by 0x38036001: vgPlain_cli_free (replacemalloc_core.c:108)
==32120==    by 0x380019DB: die_and_free_mem (mc_malloc_wrappers.c:111)
==32120==    by 0x38036782: do_client_request (scheduler.c:1158)
==32120==    by 0x380380A0: vgPlain_scheduler (scheduler.c:869)
==32120==    by 0x38057012: run_a_thread_NORETURN (syswrap-linux.c:87)
==32120==    by 0x38057279: vgModuleLocal_start_thread_NORETURN (syswrap-linux.c:207)
==32120==    by 0x38059528: (within /usr/lib/valgrind/x86-linux/memcheck)

sched status:
  running_tid=3

Thread 1: status = VgTs_WaitSys
==32120==    at 0x4094B64: __pthread_sigsuspend (pt-sigsuspend.c:54)
==32120==    by 0x4093727: __pthread_wait_for_restart_signal (pthread.c:1224)
==32120==    by 0x4091782: pthread_join (restart.h:34)
==32120==    by 0x804A4F4: main (nslcd.c:615)

Thread 2: status = VgTs_WaitSys
==32120==    at 0x418F9E9: poll (poll.c:86)
==32120==    by 0x40921EF: __pthread_manager (manager.c:152)
==32120==    by 0x41987F9: clone (clone.S:119)

Thread 3: status = VgTs_Runnable
==32120==    at 0x401CFA5: free (vg_replace_malloc.c:233)
==32120==    by 0x4200749: ber_memfree (in /usr/lib/liblber.so.2.0.130)
==32120==    by 0x41FEE6B: ber_free_buf (in /usr/lib/liblber.so.2.0.130)
==32120==    by 0x41FEF1E: ber_free (in /usr/lib/liblber.so.2.0.130)
==32120==    by 0x4057BF7: ldap_free_request_int (in /usr/lib/libldap_r.so.2.0.130)
==32120==    by 0x4057CB2: ldap_free_request (in /usr/lib/libldap_r.so.2.0.130)
==32120==    by 0x4047E0D: (within /usr/lib/libldap_r.so.2.0.130)
==32120==    by 0x40484B2: ldap_result (in /usr/lib/libldap_r.so.2.0.130)
==32120==    by 0x804BFDB: myldap_get_entry (myldap.c:894)
==32120==    by 0x805114B: nslcd_group_all (group.c:371)
==32120==    by 0x804ADC1: worker (nslcd.c:379)
==32120==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32120==    by 0x41987F9: clone (clone.S:119)

Thread 4: status = VgTs_WaitSys
==32120==    at 0x4097C78: accept (socket.S:101)
==32120==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32120==    by 0x41987F9: clone (clone.S:119)

Thread 5: status = VgTs_WaitSys
==32120==    at 0x4097C78: accept (socket.S:101)
==32120==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32120==    by 0x41987F9: clone (clone.S:119)

Thread 6: status = VgTs_WaitSys
==32120==    at 0x4097C78: accept (socket.S:101)
==32120==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32120==    by 0x41987F9: clone (clone.S:119)

Thread 7: status = VgTs_Runnable
==32120==    at 0x4191E41: select (in /usr/lib/debug/libc-2.3.6.so)
==32120==    by 0x404842A: ldap_result (in /usr/lib/libldap_r.so.2.0.130)
==32120==    by 0x804BFDB: myldap_get_entry (myldap.c:894)
==32120==    by 0x805114B: nslcd_group_all (group.c:371)
==32120==    by 0x804ADC1: worker (nslcd.c:379)
==32120==    by 0x4091C50: pthread_start_thread (manager.c:310)
==32120==    by 0x41987F9: clone (clone.S:119)


Note: see also the FAQ.txt in the source distribution.
It contains workarounds to several common problems.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what Linux distro you are using.  Thanks.
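Reading the report above as a reviewer: the first errors are strlen() in write_group() (group.c:248) reading 0 bytes past a 203-byte block that realloc() at group.c:226 had produced, then strcpy() called from dn2uid() (passwd.c:156) writing into addresses valgrind does not recognise as allocated at all, and finally the allocator assertion "Heap block lo/hi size mismatch" when a neighbouring block is freed. That is the signature of a copy into a heap buffer sized by something other than the string being copied. The block below is an added illustration of that pattern and of two bounded alternatives; it is not code from nss-ldapd or from either poster, and the function names, buffer sizes and the DN-like string are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked copy: the buffer is sized by the caller's earlier guess, not by
 * the string actually being copied. When strlen(src) >= bufsize, strcpy()
 * writes past the end of the block. Under valgrind this is the "Invalid
 * write of size 1 ... strcpy" report; outside valgrind the bytes after the
 * block (often the allocator's own bookkeeping) are silently overwritten,
 * and a later free() of a neighbouring block can abort inside the allocator. */
char *copy_unchecked(const char *src, size_t bufsize)
{
    char *buf = malloc(bufsize);
    if (buf == NULL)
        return NULL;
    strcpy(buf, src);   /* no bound check: overflows when src is too long */
    return buf;
}

/* Bounded copy: the destination size is the contract. Copies src including
 * its terminating NUL when it fits and returns 0; otherwise leaves dst
 * untouched and returns -1 so the caller can reject or log the value. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (dstsize == 0 || len >= dstsize)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Growing copy: resize the block to fit before writing. realloc() does not
 * zero the newly added bytes, so a strlen() over a grown block that has not
 * been written yet reads uninitialised memory (one way to earn the
 * "Conditional jump ... depends on uninitialised value(s)" in strlen).
 * Writing the whole string, NUL included, right after growing avoids that.
 * Returns the buffer, which may have moved, or NULL on allocation failure
 * (the old buffer is then still valid and still owned by the caller). */
char *copy_growing(char *buf, size_t *cap, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > *cap) {
        char *grown = realloc(buf, need);
        if (grown == NULL)
            return NULL;
        buf = grown;
        *cap = need;
    }
    memcpy(buf, src, need);
    return buf;
}

int main(void)
{
    /* Constructed input: a DN-like string longer than a 16-byte buffer. */
    const char *dn = "cn=someone,ou=people,dc=example,dc=com";
    char small[16];
    size_t cap = 16;
    char *grow = malloc(cap);
    char *tmp;

    printf("bounded: %s\n",
           copy_bounded(small, sizeof small, dn) == 0 ? "copied" : "rejected");
    tmp = copy_growing(grow, &cap, dn);
    if (tmp != NULL)
        grow = tmp;
    printf("growing: cap=%zu value=%s\n", cap, tmp ? grow : "(alloc failed)");
    free(grow);

    /* Deliberate overflow. Run as: valgrind --tool=memcheck ./a.out
     * and memcheck reports an "Invalid write of size 1" inside strcpy.
     * This is undefined behaviour and may crash without valgrind. */
    char *bad = copy_unchecked(dn, 16);
    free(bad);
    return 0;
}
```

The point of keeping the unchecked version next to the bounded ones is to see the difference in the memcheck output: the bounded copy refuses the oversize DN and produces no report at all, the growing copy produces none because every byte it hands to strlen() has been written, and only the unchecked copy yields the "Invalid write" followed by heap corruption. When a value comes from a directory you do not control (group member DNs from an AD server, as in this thread), the bounded or growing form is the one to use.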



