0 0x000000378e0328a5 in raise () from /lib64/libc.so.6
1 0x000000378e034085 in abort () from /lib64/libc.so.6
2 0x000000378e0707b7 in __libc_message () from /lib64/libc.so.6
3 0x000000378e0760e6 in malloc_printerr () from /lib64/libc.so.6
4 0x00007ff7b21248ae in slapi_ch_free (ptr=0x7ff778004db8) at ../ds/ldap/servers/slapd/ch_malloc.c:363
5 0x00007ff7b2144fc3 in slapi_filter_free (f=0x7ff778004d90, recurse=1) at ../ds/ldap/servers/slapd/filter.c:782
6 0x00007ff7b2145050 in slapi_filter_free (f=0x7ff77800d6a0, recurse=1) at ../ds/ldap/servers/slapd/filter.c:800
7 0x000000000043096e in do_search (pb=0x7ff79bffea90) at ../ds/ldap/servers/slapd/search.c:425
8 0x000000000041578e in connection_dispatch_operation (conn=0x7ff7a8801410, op=0x7ff77800e480, pb=0x7ff79bffea90) at ../ds/ldap/servers/slapd/connection.c:682
9 0x00000000004172fd in connection_threadmain () at ../ds/ldap/servers/slapd/connection.c:2508
10 0x000000379d829a73 in ?? () from /lib64/libnspr4.so
11 0x000000378e407851 in start_thread () from /lib64/libpthread.so.0
12 0x000000378e0e890d in clone () from /lib64/libc.so.6
The issue is that the slapi_escape_filter_value() returned string gets freed by the caller. When using mozldap, this function can return the original filter pointer, which can lead to a double free (see above stack).
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/47528
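The ownership hazard described in this report, as an added example that is not 389-ds-base code: an escape routine that may hand back its own input pointer, next to a variant that always returns a fresh allocation and a caller-side guard. The names `escape_may_alias`, `escape_always_copy` and `free_if_distinct` are hypothetical, and the sample values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 4515 characters that must be written as \XX inside a filter value. */
static int needs_escape(unsigned char c) {
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Hazardous contract: when nothing needs escaping the input pointer itself is
 * returned, so freeing the result and later the original frees one block twice. */
char *escape_may_alias(char *val, size_t len) {
    size_t i, n = 0;
    for (i = 0; i < len; i++) n += needs_escape((unsigned char)val[i]);
    if (n == 0) return val;                  /* alias of caller-owned memory */
    char *out = malloc(len + 2 * n + 1), *p = out;
    if (!out) return NULL;
    for (i = 0; i < len; i++) {
        if (needs_escape((unsigned char)val[i]))
            p += sprintf(p, "\\%02x", (unsigned char)val[i]);
        else
            *p++ = val[i];
    }
    *p = '\0';
    return out;
}

/* Hardened contract: the result is always a distinct block owned by the caller. */
char *escape_always_copy(char *val, size_t len) {
    char *out = escape_may_alias(val, len);
    if (out == val) {                        /* nothing escaped: return a copy */
        out = malloc(len + 1);
        if (out) { memcpy(out, val, len); out[len] = '\0'; }
    }
    return out;
}

/* Guard for callers stuck with the aliasing API. Returns 1 if it freed. */
int free_if_distinct(char *escaped, const char *original) {
    if (escaped == NULL || escaped == original) return 0;
    free(escaped);
    return 1;
}

int main(void) {
    char plain[] = "jdoe", special[] = "a*(b)";   /* constructed samples */
    char *e = escape_always_copy(special, strlen(special));
    if (!e) return 1;
    printf("aliased=%d escaped=%s\n", escape_may_alias(plain, 4) == plain, e);
    free(e);
    return 0;
}
```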