https://bugs.openldap.org/show_bug.cgi?id=9803

          Issue ID: 9803
           Summary: liblber: assertion( ber->ber_buf == NULL ); failed
           Product: OpenLDAP
           Version: 2.4.46
          Hardware: x86_64
                OS: Linux
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

libraries/liblber/io.c function ber_get_next contains a line

    assert( ber->ber_buf == NULL );

and with a larger application that uses libldap-2.4.46, I am running into that
sporadically. I have no idea how that happens, but it seems probable the LDAP
server (about which there is also no info) is sending something that is
interpreted as invalid and ber_buf does not get freed, so it's still set on the
next invocation.

```
(gdb)

zcore: io.c:514: ber_get_next: Assertion `ber->ber_buf == NULL' failed.

Thread 40 "rpc/34" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd6ff8700 (LWP 18485)]
(gdb) up
#1  0x00007ffff20fb585 in abort () from /lib64/libc.so.6
(gdb)
#2  0x00007ffff20f285a in __assert_fail_base () from /lib64/libc.so.6
(gdb)
#3  0x00007ffff20f28d2 in __assert_fail () from /lib64/libc.so.6
(gdb)
#4  0x00007fffee0f48a1 in ber_get_next (sb=0x6040000aa650,
len=len@entry=0x7fffd6ff61c8, ber=ber@entry=0x6070000b0360) at io.c:514
514                     assert( ber->ber_buf == NULL );
(gdb) p ber
$1 = (BerElement *) 0x6070000b0360
(gdb) p *ber
$2 = {ber_opts = {lbo_valid = 2, lbo_options = 1, lbo_debug = 0}, ber_tag =
116, ber_len = 78, ber_usertag = 0, ber_buf = 0x6070000b03d0 "cP", ber_ptr =
0x6070000b03d0 "cP", ber_end = 0x6070000b041e "", ber_sos_ptr = 0x0, ber_rwptr
= 0x0, ber_memctx = 0x0}
(gdb) up
#5  0x00007fffee310c91 in try_read1msg (result=0x7fffd6ff6348,
lc=0x6080001182a0, all=1, msgid=18, ld=0x6040000aa610) at result.c:494
494             tag = ber_get_next( lc->lconn_sb, &len, ber );
(gdb) up
#6  wait4msg (result=0x7fffd6ff6348, timeout=<optimized out>, all=1,
msgid=<optimized out>, ld=0x6040000aa610) at result.c:365
365                                                     rc = try_read1msg( ld,
msgid, all, lc, result );
(gdb)
#7  ldap_result (ld=ld@entry=0x6040000aa610, msgid=<optimized out>,
all=all@entry=1, timeout=timeout@entry=0x0, result=result@entry=0x7fffd6ff6348)
at result.c:120
120             rc = wait4msg( ld, msgid, all, timeout, result );
(gdb) p result
$3 = (LDAPMessage **) 0x7fffd6ff6348
(gdb) p result[0]
$4 = (LDAPMessage *) 0x0
(gdb) dow
#6  wait4msg (result=0x7fffd6ff6348, timeout=<optimized out>, all=1,
msgid=<optimized out>, ld=0x6040000aa610) at result.c:365
365                                                     rc = try_read1msg( ld,
msgid, all, lc, result );
(gdb) dow
#5  0x00007fffee310c91 in try_read1msg (result=0x7fffd6ff6348,
lc=0x6080001182a0, all=1, msgid=18, ld=0x6040000aa610) at result.c:494
494             tag = ber_get_next( lc->lconn_sb, &len, ber );
(gdb) p ber
$5 = <optimized out>
(gdb) dow
#4  0x00007fffee0f48a1 in ber_get_next (sb=0x6040000aa650,
len=len@entry=0x7fffd6ff61c8, ber=ber@entry=0x6070000b0360) at io.c:514
514                     assert( ber->ber_buf == NULL );
(gdb) l
509              *
510              * We expect tag and len to be at most 32 bits wide.
511              */
512
513             if (ber->ber_rwptr == NULL) {
514                     assert( ber->ber_buf == NULL );
515                     ber->ber_rwptr = (char *) &ber->ber_len-1;
516                     ber->ber_ptr = ber->ber_rwptr;
517                     ber->ber_tag = 0;
518             }
(gdb) p ber
$6 = (BerElement *) 0x6070000b0360
(gdb) p ber[0]
$7 = {ber_opts = {lbo_valid = 2, lbo_options = 1, lbo_debug = 0}, ber_tag =
116, ber_len = 78, ber_usertag = 0, ber_buf = 0x6070000b03d0 "cP", ber_ptr =
0x6070000b03d0 "cP", ber_end = 0x6070000b041e "", ber_sos_ptr = 0x0, ber_rwptr
= 0x0, ber_memctx = 0x0}
(gdb) p ber->ber_buf
$8 = 0x6070000b03d0 "cP"
(gdb) up
#5  0x00007fffee310c91 in try_read1msg (result=0x7fffd6ff6348,
lc=0x6080001182a0, all=1, msgid=18, ld=0x6040000aa610) at result.c:494
494             tag = ber_get_next( lc->lconn_sb, &len, ber );
(gdb) p len
$10 = 99
(gdb) p lc
$11 = (LDAPConn *) 0x6080001182a0
```
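As an added illustration (a constructed model, not liblber's or libldap's code) of the invariant the assertion at io.c:514 guards: when the cursor `ber_rwptr` is NULL there is no message in progress, so the buffer `ber_buf` must already have been released; in the model, a completed message leaves `ber_rwptr` NULL with `ber_buf` still held until the owner releases it, which is the state in the dump above when the element is handed to the reader again without that release. `Elem`, `get_next`, `release`, `read_twice` and the length-prefixed input format are assumptions of the model.

```c
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *ber_buf;    /* decoded message, or NULL when nothing is held */
    char *ber_rwptr;  /* NULL: no message in progress, start fresh next call */
    size_t ber_len;
} Elem;

enum { OK = 0, BAD_INPUT = -1, STALE_BUFFER = -2 };

/* Input (constructed format): one length byte, then that many bytes.
 * The first check mirrors the guard at io.c:514: with no message in progress
 * the buffer must already be NULL, or an unreleased message would be lost. */
static int get_next(Elem *e, const unsigned char *in, size_t n)
{
    if (e->ber_rwptr == NULL) {
        if (e->ber_buf != NULL) return STALE_BUFFER;   /* liblber asserts here */
        if (n == 0 || (size_t)in[0] > n - 1) return BAD_INPUT; /* bad length */
        e->ber_len = in[0];
        e->ber_buf = malloc(e->ber_len + 1);
        if (e->ber_buf == NULL) return BAD_INPUT;
        memcpy(e->ber_buf, in + 1, e->ber_len);
        e->ber_buf[e->ber_len] = '\0';
        e->ber_rwptr = NULL;           /* complete; owner must release it */
    }
    return OK;
}

/* Hand-over the owner must perform before the element is reused. */
static void release(Elem *e)
{
    free(e->ber_buf);
    e->ber_buf = NULL;
    e->ber_rwptr = NULL;
}

/* Two messages through one element: without release() in between, the
 * second call sees the dumped state (ber_buf set, ber_rwptr NULL). */
static int read_twice(int release_between)
{
    static const unsigned char msg[] = { 2, 'c', 'P' };  /* constructed */
    Elem e = { NULL, NULL, 0 };
    int rc = get_next(&e, msg, sizeof msg);
    if (rc == OK && release_between) release(&e);
    rc = get_next(&e, msg, sizeof msg);
    release(&e);
    return rc;
}
```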
