Summary:ASTERISK-17386: [patch] res_config_ldap with malloc_debug produces munmap_chunk(): invalid pointer:
Reporter:John Covert (jcovert)Labels:
Date Opened:2011-02-11 00:21:17.000-0600Date Closed:2013-04-10 09:27:16
Versions:1.8.2 Frequency of
Environment:Attachments:( 0) ASTERISK-17386-1.8.diff
( 1) backtrace.txt
( 2) issue18789-1.8-r316873.patch
Description:If malloc_debug is turned on, as soon as an ldap realtime peer attempts to register, wham.

This occurs at the ldap_mods_free call at line 1338.

Problem occurs with or without the patch from issue 18435 (i.e. with straight or with SVN revision 304866 of res_config_ldap.c)

Runs "ok" without malloc_debug.

Backtrace attached.
Comments:By: Walter Doekes (wdoekes) 2011-03-21 09:25:31

This is quite obvious why it goes bad.

ldap_mod_free() is asked to undo ast_calloc allocations.

When MEMORY_DEBUG is on, the memory position that we're holding is not the place that was really allocated. So, free() cannot and should not be called on anything created by ast_calloc.

I don't know what ldap_mods_free() does or is supposed to do, but I figure a loop over ldap_mods with an ast_free would be more appropriate.

By: Sean Bright (seanbright) 2011-05-04 16:15:01

The attached patch should fix the problem.  Can you test and report results?

By: John Covert (jcovert) 2011-05-05 12:22:54

my client has asked me to wait until next week to test.

By: Matt Jordan (mjordan) 2013-01-14 14:53:15.467-0600

Any chance you've been able to test this patch? This seems like a rather trivial solution and it would be nice to get this problem fixed in 1.8+.

By: Andrew Latham (lathama) 2013-01-16 12:24:26.258-0600

Testing this now with ASTERISK-20886

By: Andrew Latham (lathama) 2013-01-31 14:11:42.307-0600

This works ok but I would love to see some code comments and more info.  I see at least one other place where this change might be needed.

By: Matt Jordan (mjordan) 2013-03-12 17:28:27.114-0500

So, looking at recent 1.8, the original patch is a bit out of date:
* Some of the *_calloc based calls have been replaced with string dups
* There are some additional *_realloc based calls later on

The attached patch I think gets all of the various memory allocations, such that the later deallocations via the LDAP library should succeed with MALLOC_DEBUG enabled.

Andrew - since you run with LDAP, can you confirm that this works?

By: Andrew Latham (lathama) 2013-03-12 17:37:15.298-0500

I will have a look.  It is a pain to test, but I have a way.

BTW Zentyal has a lot of hacks to fix issues with LDAP and Asterisk as it is a feature of their project.

By: Andrew Latham (lathama) 2013-03-18 12:16:48.093-0500

This compiles, works so far but I am working with trunk and will have to test with all active branches.

By: Matt Jordan (mjordan) 2013-04-09 15:30:09.138-0500

If this worked on trunk, I feel reasonably confident that it will work with 1.8/11, as the code in res_config_ldap has changed very little between the various branches.

If you're okay with it going in, I don't mind committing it.

By: Andrew Latham (lathama) 2013-04-09 15:43:47.729-0500

I like the patch.  I feel that there are more areas that need cleaned up.  Maybe commit this and close to get it moving along.  I am having a real problem getting folks to do testing. LDAP testing is harder than ODBC to setup and stress.