On 03/18/2013 07:48 PM, Howard Chu wrote:
> [email protected] wrote:
>> Full_Name: Matthias Grau
>> Version: 2.4.34
>> OS: debian 6.7.0 x64
>> URL: ftp://ftp.openldap.org/incoming/matthias.grau.130318.bz2
>> Submission from: (NULL) (94.217.193.246)
>>
>> slapd can cause a segfault when sorting values in a modify operation.
>> Under rare circumstances modify.c:802: jstack += 2; can reach a value
>> greater than 63, which leads to an overwritten pointer for AttributeDescription.
>
> Thanks for the report.
>
>> Changing the size of istack from sizeof(int) * 16 to sizeof(int)*16 + 1 solves
>> the segfault. But I don't think that's the correct solution.
>> As shown here:
>> http://theory.stanford.edu/~amitp/rants/c++-vs-c/test5.cc
>> there should be a condition to break if jstack reaches the size of
>> istack.
>
> No. In a correct implementation, jstack can never exceed the size of
> istack.
> This was fixed in similar/identical code elsewhere, e.g. commit
> bb36bdcd1c22d1fbc6575452ef5c9112715ab083 and
> e1559100eb8e9a664cd68915e5acbf8caa334fa1 but for some reason we missed
> these other instances.
>
> Fixed now in git master.
Thanks for your fast solution. Problem is solved in git master.
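An added illustration of the point Howard makes above, not code from this thread and not OpenLDAP's sort_vals(): in a Numerical-Recipes-style explicit-stack quicksort, always deferring the larger partition and continuing with the smaller one bounds the stack at log2(n) (lo, hi) pairs, so a fixed-size istack is safe by construction, whereas a "break when the stack is full" check would only hide a logic error and leave part of the array unsorted. Assumed here: a Lomuto partition on plain ints and a 128-int stack; the returned peak occupancy lets a caller verify the bound.

```c
#include <assert.h>
#include <stddef.h>

/* Illustrative explicit-stack quicksort (not OpenLDAP's sort_vals()). The
 * larger partition is always deferred and the smaller one processed next,
 * so at most log2(n) pairs are ever stacked: 64 pairs cover any 64-bit n.
 * That invariant, not a "break when full" check, keeps jstack in range. */
#define STACK_INTS 128

static void swap_int(int *x, int *y) { int t = *x; *x = *y; *y = t; }

/* Sorts a[0..n-1] ascending; returns peak stack use in ints (<= 2*log2(n)). */
size_t qsort_bounded_stack(int *a, size_t n)
{
    size_t istack[STACK_INTS];
    size_t jstack = 0, peak = 0, lo = 0, hi = n;   /* segment [lo, hi) */

    for (;;) {
        while (hi - lo > 1) {
            /* Lomuto partition around the middle element */
            size_t mid = lo + (hi - lo) / 2, store = lo, k;
            swap_int(&a[mid], &a[hi - 1]);
            for (k = lo; k + 1 < hi; k++)
                if (a[k] < a[hi - 1]) swap_int(&a[k], &a[store++]);
            swap_int(&a[store], &a[hi - 1]);
            /* left part is [lo, store), right part is [store + 1, hi) */
            assert(jstack + 2 <= STACK_INTS);  /* cannot trip, see above */
            if (store - lo > hi - store - 1) { /* left larger: defer it */
                istack[jstack++] = lo; istack[jstack++] = store;
                lo = store + 1;
            } else {                           /* right larger: defer it */
                istack[jstack++] = store + 1; istack[jstack++] = hi;
                hi = store;
            }
            if (jstack > peak) peak = jstack;
        }
        if (jstack == 0) return peak;
        hi = istack[--jstack];
        lo = istack[--jstack];
    }
}

int is_sorted(const int *a, size_t n)
{
    for (size_t i = 1; i < n; i++) if (a[i - 1] > a[i]) return 0;
    return 1;
}
```

An already-sorted input of 1000 elements reaches at most 9 pairs (18 ints) on the stack, and an all-equal input, the worst case for this partition scheme in time, never holds more than one deferred pair.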
