https://bugs.openldap.org/show_bug.cgi?id=9912

          Issue ID: 9912
           Summary: slapd attempting free on address which was not
                    malloced
           Product: OpenLDAP
           Version: 2.6.3
          Hardware: x86_64
                OS: Linux
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Providing the following command-line input results in an invalid free.

./servers/slapd/slapd -h1 -h1 

This issue exists in openldap-2.6.3 and the master branch of git.

Environment:
- Ubuntu 20.04 
- clang-14.0.6 with CFLAGS="-fsanitize=address"  


Backtrace:
=================================================================
==3323395==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x7ffc8512c238 in thread T0
    #0 0x4d0077 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x4d0077)
    #1 0xb77152 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0xb77152)
    #2 0x65ff02 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x65ff02)
    #3 0x5168a9 (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x5168a9)
    #4 0x7ff21bd3c082  (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #5 0x42130d (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x42130d)

Address 0x7ffc8512c238 is located in stack of thread T0 at offset 10072 in frame
    #0 0x515fef (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x515fef)

  This frame has 10 object(s):
    [32, 36) 'rc' (line 220)
    [48, 52) 'syslogUser' (line 230)
    [64, 72) 'waitfds' (line 234)
    [96, 100) 'level' (line 402)
    [112, 128) 'opt' (line 432)
    [144, 148) 'opt393' (line 717)
    [160, 168) 'errmsg' (line 726)
    [192, 196) 'buf' (line 778)
    [208, 336) 'ebuf' (line 798)
    [368, 496) 'ebuf524' (line 821) <== Memory access at offset 10072 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: bad-free (/home/juhee/project/foxfuzz/programs/network/openldap/servers/slapd/slapd+0x4d0077)

==3323395==ABORTING
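The program below is an added illustration, not OpenLDAP code and not a claim about where slapd's own defect lies. It shows, in a hypothetical parser for a repeatable "-h <URLs>" option, the ownership mistake that yields exactly this kind of AddressSanitizer "bad-free" report: an option handler that keeps the raw optarg pointer (which points into argv[], i.e. non-heap memory) and then calls free() on it when the option appears a second time, beside a corrected handler whose variable only ever holds NULL or memory it allocated itself. Both variants accept the glued form used in the reproducer ("-h1 -h1") as well as "-h 1". The function names and the "-h" semantics are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not slapd's): if argv[*i] is a -h option, return its
 * value and, when the value is a separate word, advance *i past it.
 * Returns NULL for any other word and for a trailing bare "-h". */
static const char *take_h_arg(int argc, char **argv, int *i)
{
    const char *a = argv[*i];
    if (a[0] != '-' || a[1] != 'h')
        return NULL;
    if (a[2] != '\0')            /* "-h1": value glued to the flag */
        return a + 2;
    if (*i + 1 < argc)           /* "-h 1": value is the next word */
        return argv[++*i];
    return NULL;                 /* "-h" with nothing after it */
}

/* BUGGY pattern: stores the optarg pointer itself (memory inside argv[],
 * which the kernel places on the initial process stack, not the heap) and
 * frees it when the option repeats.  With one -h it merely aliases argv;
 * with two, free() receives a non-heap address and ASan reports bad-free.
 * Kept only for comparison; never run it with a repeated -h. */
char *parse_listen_urls_buggy(int argc, char **argv)
{
    char *urls = NULL;
    for (int i = 1; i < argc; i++) {
        const char *val = take_h_arg(argc, argv, &i);
        if (val == NULL)
            continue;
        if (urls != NULL)
            free(urls);          /* invalid: urls was never malloc()-ed */
        urls = (char *)val;      /* no private copy taken */
    }
    return urls;
}

/* FIXED pattern: the variable only ever holds NULL or this function's own
 * strdup() result, so every free() is valid.  The new copy is made before
 * the old one is released so an allocation failure does not lose state.
 * Returns 0 on success (caller owns *out; NULL if no -h was given) and
 * -1 on a malformed option or allocation failure. */
int parse_listen_urls(int argc, char **argv, char **out)
{
    char *urls = NULL;
    *out = NULL;
    for (int i = 1; i < argc; i++) {
        const char *val = take_h_arg(argc, argv, &i);
        if (val == NULL) {
            if (argv[i][0] == '-' && argv[i][1] == 'h') {  /* bare "-h" */
                free(urls);
                return -1;
            }
            continue;
        }
        char *copy = strdup(val);
        if (copy == NULL) {
            free(urls);
            return -1;
        }
        free(urls);              /* NULL or our own earlier strdup() */
        urls = copy;
    }
    *out = urls;
    return 0;
}

int main(int argc, char **argv)
{
    char *urls = NULL;
    if (parse_listen_urls(argc, argv, &urls) != 0) {
        fprintf(stderr, "usage: %s [-h URLs]...\n", argv[0]);
        return 1;
    }
    printf("listen URLs: %s\n", urls ? urls : "(default)");
    free(urls);
    return 0;
}
```

Building the example with -fsanitize=address and running the buggy variant with a repeated -h produces the same "attempting free on address which was not malloc()-ed ... located in stack of thread T0" diagnostic as the report, because argv strings live on the process stack; the report alone does not establish that this is the mechanism inside slapd, only that the freed address is not heap memory. The general defence is the one in the fixed variant: a pointer that may be passed to free() must hold nothing but NULL or the function's own allocation, which is simplest to guarantee by always duplicating option values rather than retaining optarg.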
