From b77f04af0a3fcdf442208af811e5307cd9b5c6bc Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Nov 14 2019 15:14:00 +0000
Subject: Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close
Bug: The crash reported is caused by calling dblayer_close twice in some offline exec modes. Investigating the crash revealed another crash in dbverify and memory leaks, one introduced by the backend patch, two existing previously
Fix: - call dblayer_close only once - initialize db env properly in dbverify execmode - don't set sdn by reference when adding to entrydncache - free collected instances from commandline in dbupgrade mode - free bdb env in index mode
Reviewed by: William
---
diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c
index 67ff3e3..60b6e13 100644
--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c
+++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c
@@ -2499,9 +2499,6 @@ error:
 import_log_notice(job, SLAPI_LOG_WARNING, "import_main_offline", "Failed to close database");
 }
 }
- if (!(job->flags & FLAG_ONLINE))
- dblayer_close(job->inst->inst_li, DBLAYER_IMPORT_MODE);
-
 end = slapi_current_utc_time();
 if (verbose && (0 == ret)) {
 int seconds_to_import = end - beginning;
diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
index e4cdabc..3108938 100644
--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
+++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
@@ -1073,7 +1073,7 @@ index_producer(void *param)
 }
 /* dn is not dup'ed in slapi_sdn_new_dn_byref.
 * It's set to bdn and put in the dn cache. */
- sdn = slapi_sdn_new_normdn_byref(normdn);
+ sdn = slapi_sdn_new_normdn_byval((const char *)normdn);
 bdn = backdn_init(sdn, temp_id, 0);
 CACHE_ADD(&inst->inst_dncache, bdn, NULL);
 CACHE_RETURN(&inst->inst_dncache, &bdn);
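Review bot: The comment directly above the changed line in index_producer (bdb_import_threads.c, hunk @@ -1073) still says the dn "is not dup'ed in slapi_sdn_new_dn_byref", but the new code calls slapi_sdn_new_normdn_byval, so the comment now describes the by-reference ownership that this commit removes. Suggest replacing it with `/* sdn takes its own copy of normdn (byval); the dn cache owns sdn through bdn, and normdn remains ours to free. */`. The `(const char *)` cast looks unnecessary if normdn is already a `char *`; its declaration is outside the hunk, as are the start and end of index_producer.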
@@ -1085,6 +1085,7 @@ index_producer(void *param)
 e = slapi_str2entry_ext(normdn, NULL, data.dptr, SLAPI_STR2ENTRY_NO_ENTRYDN);
 slapi_ch_free_string(&rdn);
+ slapi_ch_free_string(&normdn);
 }
 } else {
 e = slapi_str2entry(data.data, 0);
diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c
index 55a9f25..10f6d40 100644
--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c
+++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c
@@ -1929,7 +1929,7 @@ done:
 }
 /* Don't free priv->bdb_data_directories since priv doesn't own the memory */
 slapi_ch_free((void **)&conf);
- slapi_ch_free((void **)&mypEnv);
+ bdb_free_env((void **)&mypEnv);
 if (inst_dirp != inst_dir)
 slapi_ch_free_string(&inst_dirp);
 return rval;
@@ -1957,10 +1957,12 @@ bdb_release_aux_id2entry(backend *be, DB *pDB, DB_ENV *pEnv)
 }
 done:
- if (pDB)
+ if (pDB) {
 pDB->close(pDB, 0);
- if (pEnv)
+ }
+ if (pEnv) {
 pEnv->close(pEnv, 0);
+ }
 if (envdir) {
 ldbm_delete_dirs(envdir);
 slapi_ch_free_string(&envdir);
diff --git a/ldap/servers/slapd/back-ldbm/dbverify.c b/ldap/servers/slapd/back-ldbm/dbverify.c
index 8dc1980..01ff128 100644
--- a/ldap/servers/slapd/back-ldbm/dbverify.c
+++ b/ldap/servers/slapd/back-ldbm/dbverify.c
@@ -20,6 +20,7 @@ ldbm_back_dbverify(Slapi_PBlock *pb)
 {
 struct ldbminfo *li = NULL;
 slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &li);
+ dblayer_setup(li);
 dblayer_private *priv = (dblayer_private *)li->li_dblayer_private;
 return priv->dblayer_verify_fn(pb);;
diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
index b39d95a..bebd3cf 100644
--- a/ldap/servers/slapd/main.c
+++ b/ldap/servers/slapd/main.c
@@ -2634,6 +2634,7 @@ slapd_exemode_dbverify(struct main_config *mcfg)
 backend_plugin->plg_name);
 return_value = -1;
 }
+ charray_free(mcfg->cmd_line_instance_names);
 slapi_pblock_destroy(pb);
 return (return_value);
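Review bot: In the @@ -1085 hunk of bdb_import_threads.c, the added `slapi_ch_free_string(&normdn);` is only safe because the earlier hunk switched the cached sdn to a by-value copy, and nothing at this site records that dependency. A short comment such as `/* the cached sdn holds its own copy (byval above), so normdn is released here */` would keep a later return to byref from leaving a freed pointer inside the dn cache. The lines between the two hunks are not visible, so it is worth confirming that no early exit there skips this free. index_producer's body starts and ends outside the hunk.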
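Review bot: At the `done:` label in bdb_layer.c (hunk @@ -1929), `bdb_free_env((void **)&mypEnv);` now runs on every exit path, including any that reach done: before mypEnv was allocated or after its environment handle was already released; those paths are outside the hunk. Please confirm that bdb_free_env accepts a NULL `*env` and does not close a handle a second time, since a repeated close is the defect this commit sets out to fix. Once verified, a comment like `/* bdb_free_env releases what the env holds as well as the struct itself; no-op on NULL */` would document why the plain slapi_ch_free was not enough. The enclosing function starts outside the hunk.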
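Review bot: In ldbm_back_dbverify (dbverify.c, hunk @@ -20), the result of the added `dblayer_setup(li);` is discarded, and the next two lines dereference `li->li_dblayer_private` and `priv->dblayer_verify_fn` unconditionally. If setup can fail or leave the private pointer unset (its contract is not visible here), the verify mode would crash on a NULL dereference instead of returning an error; `li` also stays NULL if slapi_pblock_get does not fill it. Suggest `if (li == NULL || dblayer_setup(li) != 0) { return -1; }` followed by a NULL check on `priv`, adjusted to whatever dblayer_setup actually returns. The stray `;;` on the return line could be cleaned up in the same change.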
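Review bot: In slapd_exemode_dbverify (main.c, hunk @@ -2634), `charray_free(mcfg->cmd_line_instance_names);` leaves the freed pointer stored in mcfg, so any later cleanup that frees or walks that array again would be a double free or use-after-free. Suggest following it with `mcfg->cmd_line_instance_names = NULL;`. The function starts outside the hunk, so earlier return paths, if there are any, should be checked for the same leak. The commit description names dbupgrade mode while this hunk is in the dbverify handler, so it is worth confirming whether the other exec modes that collect instance names need the same free.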