I was also able to reproduce a crash with svn version 671. Here is the valgrind output. Notice how valgrind crashes too; I suspect this is because something is writing to random locations in memory.
==22387== Memcheck, a memory error detector. ==22387== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al. ==22387== Using LibVEX rev 1658, a library for dynamic binary translation. ==22387== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP. ==22387== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework. ==22387== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al. ==22387== For more details, rerun with: -v ==22387== ==22387== My PID = 22387, parent PID = 20946. Prog and args are: ==22387== nslcd ==22387== -d ==22387== --22387-- DWARF2 CFI reader: unhandled CFI instruction 0:50 --22387-- DWARF2 CFI reader: unhandled CFI instruction 0:50 --22387-- DWARF2 CFI reader: unhandled CFI instruction 0:50 --22387-- DWARF2 CFI reader: unhandled CFI instruction 0:50 ==22387== Thread 2: ==22387== Invalid read of size 4 ==22387== at 0x4010E00: (within /lib/ld-2.3.6.so) ==22387== by 0x4004B78: (within /lib/ld-2.3.6.so) ==22387== by 0x4006792: (within /lib/ld-2.3.6.so) ==22387== by 0x419F21F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41A14BC: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41A151D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B26C: __nss_lookup_function (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B36F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x417CDF5: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x43CF478 is 24 bytes inside a block of size 27 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x4006B83: (within /lib/ld-2.3.6.so) ==22387== by 0x419F21F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41A14BC: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within 
/lib/ld-2.3.6.so) ==22387== by 0x41A151D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B26C: __nss_lookup_function (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B36F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x417CDF5: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417FC95: gethostbyname_r (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x4008ED5: (within /lib/ld-2.3.6.so) ==22387== by 0x419F674: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41A14BC: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41A151D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B26C: __nss_lookup_function (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B36F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x417CDF5: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417FC95: gethostbyname_r (in /lib/tls/libc-2.3.6.so) ==22387== by 0x405ECDA: ldap_pvt_gethostbyname_a (in /usr/lib/libldap_r.so.2.0.130) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x4008B2E: (within /lib/ld-2.3.6.so) ==22387== by 0x419F674: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41A14BC: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41A151D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B26C: __nss_lookup_function (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417B36F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x417CDF5: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so) ==22387== by 0x417FC95: gethostbyname_r (in /lib/tls/libc-2.3.6.so) ==22387== by 0x405ECDA: ldap_pvt_gethostbyname_a (in 
/usr/lib/libldap_r.so.2.0.130) ==22387== ==22387== Invalid read of size 4 ==22387== at 0x4010E17: (within /lib/ld-2.3.6.so) ==22387== by 0x4004B78: (within /lib/ld-2.3.6.so) ==22387== by 0x4006792: (within /lib/ld-2.3.6.so) ==22387== by 0x419F21F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x40351EE: _sasl_get_plugin (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x40356FD: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== Address 0x43D3254 is 28 bytes inside a block of size 30 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x4005DA5: (within /lib/ld-2.3.6.so) ==22387== by 0x4006704: (within /lib/ld-2.3.6.so) ==22387== by 0x419F21F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x40351EE: _sasl_get_plugin (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x40356FD: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== ==22387== Invalid read of size 4 ==22387== at 0x4010DE9: (within /lib/ld-2.3.6.so) ==22387== by 0x4004B78: (within /lib/ld-2.3.6.so) ==22387== by 0x4006792: (within /lib/ld-2.3.6.so) ==22387== by 0x400A1F6: (within /lib/ld-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x400A3CA: (within /lib/ld-2.3.6.so) ==22387== by 0x419F284: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 
0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== Address 0x43D358C is 20 bytes inside a block of size 22 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x4006B83: (within /lib/ld-2.3.6.so) ==22387== by 0x400A1F6: (within /lib/ld-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x400A3CA: (within /lib/ld-2.3.6.so) ==22387== by 0x419F284: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x40089F2: (within /lib/ld-2.3.6.so) ==22387== by 0x419F674: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x40351EE: _sasl_get_plugin (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x40356FD: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x402BF99: sasl_client_init (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x404C7B5: ldap_int_sasl_init (in /usr/lib/libldap_r.so.2.0.130) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x4008E57: (within /lib/ld-2.3.6.so) ==22387== by 0x419F674: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) 
==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x40351EE: _sasl_get_plugin (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x40356FD: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x402BF99: sasl_client_init (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x404C7B5: ldap_int_sasl_init (in /usr/lib/libldap_r.so.2.0.130) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x4008C58: (within /lib/ld-2.3.6.so) ==22387== by 0x419F674: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x40351EE: _sasl_get_plugin (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x40356FD: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x402BF99: sasl_client_init (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x404C7B5: ldap_int_sasl_init (in /usr/lib/libldap_r.so.2.0.130) ==22387== ==22387== Invalid read of size 4 ==22387== at 0x4010E17: (within /lib/ld-2.3.6.so) ==22387== by 0x400B729: (within /lib/ld-2.3.6.so) ==22387== by 0x4008202: (within /lib/ld-2.3.6.so) ==22387== by 0x41A168C: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x41A17C9: _dl_sym (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCEE7: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCE7A: dlsym (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x403529D: _sasl_locate_entry (in 
/usr/lib/libsasl2.so.2.0.22) ==22387== by 0x4035758: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x402BF99: sasl_client_init (in /usr/lib/libsasl2.so.2.0.22) ==22387== Address 0x43D3254 is 28 bytes inside a block of size 30 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x4005DA5: (within /lib/ld-2.3.6.so) ==22387== by 0x4006704: (within /lib/ld-2.3.6.so) ==22387== by 0x419F21F: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x419EC8E: _dl_open (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCD8D: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCD20: dlopen (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x40351EE: _sasl_get_plugin (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x40356FD: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x4010DF3: (within /lib/ld-2.3.6.so) ==22387== by 0x400B729: (within /lib/ld-2.3.6.so) ==22387== by 0x4008202: (within /lib/ld-2.3.6.so) ==22387== by 0x41A168C: (within /lib/tls/libc-2.3.6.so) ==22387== by 0x41A17C9: _dl_sym (in /lib/tls/libc-2.3.6.so) ==22387== by 0x41DCEE7: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x400B44E: (within /lib/ld-2.3.6.so) ==22387== by 0x41DD42C: (within /lib/tls/libdl-2.3.6.so) ==22387== by 0x41DCE7A: dlsym (in /lib/tls/libdl-2.3.6.so) ==22387== by 0x403529D: _sasl_locate_entry (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x4035758: _sasl_load_plugins (in /usr/lib/libsasl2.so.2.0.22) ==22387== by 0x402BF99: sasl_client_init (in /usr/lib/libsasl2.so.2.0.22) ==22387== ==22387== Thread 3: ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E20B: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050EC8: write_group (group.c:237) ==22387== by 0x80511C1: nslcd_group_all 
(group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x805106F: write_group (group.c:143) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Thread 6: ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E215: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050EC8: write_group (group.c:237) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x8050C60: write_group (group.c:156) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E20B: strlen (mc_replace_strmem.c:246) ==22387== by 0x8051065: write_group (group.c:143) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E215: strlen (mc_replace_strmem.c:246) ==22387== by 0x8051065: write_group (group.c:143) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== 
by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E20B: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050C69: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E215: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050C69: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Syscall param write(buf) points to uninitialised byte(s) ==22387== at 0x4096391: (within /lib/tls/libpthread-2.3.6.so) ==22387== by 0x80577AA: tio_write (tio.c:390) ==22387== by 0x8050C4A: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6DCA405 is 53 bytes inside a block of size 64 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x805748E: tio_fdopen (tio.c:151) ==22387== by 0x804A9D2: worker (nslcd.c:354) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E20B: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050C56: write_group (group.c:156) 
==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Conditional jump or move depends on uninitialised value(s) ==22387== at 0x401E215: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050C56: write_group (group.c:156) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Syscall param write(buf) points to uninitialised byte(s) ==22387== at 0x4096391: (within /lib/tls/libpthread-2.3.6.so) ==22387== by 0x80577AA: tio_write (tio.c:390) ==22387== by 0x8050B42: write_group (group.c:150) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6DCA3D0 is 0 bytes inside a block of size 64 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x805748E: tio_fdopen (tio.c:151) ==22387== by 0x804A9D2: worker (nslcd.c:354) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Syscall param write(buf) points to uninitialised byte(s) ==22387== at 0x4096391: (within /lib/tls/libpthread-2.3.6.so) ==22387== by 0x805755C: tio_flush (tio.c:361) ==22387== by 0x80575D4: tio_close (tio.c:450) ==22387== by 0x804AA21: worker (nslcd.c:407) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6DCA3D0 is 0 bytes inside a block of size 64 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) 
==22387== by 0x805748E: tio_fdopen (tio.c:151) ==22387== by 0x804A9D2: worker (nslcd.c:354) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Thread 5: ==22387== Invalid read of size 1 ==22387== at 0x401E211: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050EC8: write_group (group.c:237) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3A is 0 bytes after a block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401E208: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050EC8: write_group (group.c:237) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D51 is not stack'd, malloc'd or (recently) free'd ==22387== ==22387== Invalid write of size 1 ==22387== at 0x401E9A0: strcpy (mc_replace_strmem.c:272) ==22387== by 0x8054254: dn2uid (passwd.c:156) ==22387== by 0x8050EBE: write_group (group.c:236) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D5E is not stack'd, malloc'd or (recently) free'd ==22387== ==22387== 
Invalid write of size 1 ==22387== at 0x401E9A9: strcpy (mc_replace_strmem.c:272) ==22387== by 0x8054254: dn2uid (passwd.c:156) ==22387== by 0x8050EBE: write_group (group.c:236) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D60 is 16 bytes before a block of size 18 free'd ==22387== at 0x401CFA5: free (vg_replace_malloc.c:233) ==22387== by 0x41D7749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==22387== by 0x4052E48: ldap_avafree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x4052EC7: ldap_rdnfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x4052F27: ldap_dnfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x40562B0: ldap_explode_dn (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x804B862: get_exploded_rdn (myldap.c:1154) ==22387== by 0x804BA0F: myldap_cpy_rdn_value (myldap.c:1210) ==22387== by 0x80541AD: dn2uid (passwd.c:132) ==22387== by 0x8050EBE: write_group (group.c:236) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== ==22387== Invalid write of size 1 ==22387== at 0x401E9AD: strcpy (mc_replace_strmem.c:272) ==22387== by 0x8054254: dn2uid (passwd.c:156) ==22387== by 0x8050EBE: write_group (group.c:236) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D67 is 9 bytes before a block of size 18 free'd ==22387== at 0x401CFA5: free (vg_replace_malloc.c:233) ==22387== by 0x41D7749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==22387== by 0x4052E48: ldap_avafree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x4052EC7: ldap_rdnfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x4052F27: 
ldap_dnfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x40562B0: ldap_explode_dn (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x804B862: get_exploded_rdn (myldap.c:1154) ==22387== by 0x804BA0F: myldap_cpy_rdn_value (myldap.c:1210) ==22387== by 0x80541AD: dn2uid (passwd.c:132) ==22387== by 0x8050EBE: write_group (group.c:236) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== ==22387== Invalid write of size 1 ==22387== at 0x8051037: write_group (group.c:247) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0DD0 is 24 bytes inside a block of size 27 free'd ==22387== at 0x401CFA5: free (vg_replace_malloc.c:233) ==22387== by 0x41D7749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==22387== by 0x4052E50: ldap_avafree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x4052EC7: ldap_rdnfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x4052F27: ldap_dnfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x40562B0: ldap_explode_dn (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x804B862: get_exploded_rdn (myldap.c:1154) ==22387== by 0x804BA0F: myldap_cpy_rdn_value (myldap.c:1210) ==22387== by 0x80541AD: dn2uid (passwd.c:132) ==22387== by 0x8050EBE: write_group (group.c:236) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401E211: strlen (mc_replace_strmem.c:246) ==22387== by 0x8051065: write_group (group.c:143) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3A is 0 bytes after a block of size 202 
alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x8051068: write_group (group.c:143) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D51 is not stack'd, malloc'd or (recently) free'd ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401E211: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050C69: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3A is 0 bytes after a block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401ED26: memcpy (mc_replace_strmem.c:406) ==22387== by 0x80577E2: tio_write (tio.c:407) ==22387== by 0x8050C4A: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3A is 0 bytes after a 
block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401ED2F: memcpy (mc_replace_strmem.c:406) ==22387== by 0x80577E2: tio_write (tio.c:407) ==22387== by 0x8050C4A: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3B is 1 bytes after a block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401ED10: memcpy (mc_replace_strmem.c:406) ==22387== by 0x80577E2: tio_write (tio.c:407) ==22387== by 0x8050C4A: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3C is 2 bytes after a block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone 
(in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401ED1D: memcpy (mc_replace_strmem.c:406) ==22387== by 0x80577E2: tio_write (tio.c:407) ==22387== by 0x8050C4A: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3D is 3 bytes after a block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x401E211: strlen (mc_replace_strmem.c:246) ==22387== by 0x8050C56: write_group (group.c:156) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D3A is 0 bytes after a block of size 202 alloc'd ==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) ==22387== by 0x8050E70: write_group (group.c:215) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== ==22387== Invalid read of size 1 ==22387== at 0x8050C59: write_group (group.c:156) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x6EF0D51 is 
not stack'd, malloc'd or (recently) free'd ==22387== ==22387== Syscall param write(buf) points to uninitialised byte(s) ==22387== at 0x4096391: (within /lib/tls/libpthread-2.3.6.so) ==22387== by 0x80577AA: tio_write (tio.c:390) ==22387== by 0x8050C84: write_group (group.c:157) ==22387== by 0x80511C1: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) ==22387== Address 0x4474AD8 is 0 bytes inside a block of size 64 alloc'd ==22387== at 0x401D38B: malloc (vg_replace_malloc.c:149) ==22387== by 0x805748E: tio_fdopen (tio.c:151) ==22387== by 0x804A9D2: worker (nslcd.c:354) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) valgrind: m_mallocfree.c:194 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed. valgrind: Heap block lo/hi size mismatch: lo = 72, hi = 825373035. Probably caused by overrunning/underrunning a heap block's bounds. 
==22387== at 0x38016993: report_and_quit (m_libcassert.c:136) ==22387== by 0x38016CBF: vgPlain_assert_fail (m_libcassert.c:200) ==22387== by 0x380202D5: vgPlain_arena_free (m_mallocfree.c:191) ==22387== by 0x38036001: vgPlain_cli_free (replacemalloc_core.c:108) ==22387== by 0x380019DB: die_and_free_mem (mc_malloc_wrappers.c:111) ==22387== by 0x38036782: do_client_request (scheduler.c:1158) ==22387== by 0x380380A0: vgPlain_scheduler (scheduler.c:869) ==22387== by 0x38057012: run_a_thread_NORETURN (syswrap-linux.c:87) ==22387== by 0x38057279: vgModuleLocal_start_thread_NORETURN (syswrap-linux.c:207) ==22387== by 0x38059528: (within /usr/lib/valgrind/x86-linux/memcheck) sched status: running_tid=6 Thread 1: status = VgTs_WaitSys ==22387== at 0x4092183: pthread_join (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x804A514: main (nslcd.c:615) Thread 2: status = VgTs_WaitSys ==22387== at 0x40965FE: accept (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) Thread 3: status = VgTs_WaitSys ==22387== at 0x40965FE: accept (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) Thread 4: status = VgTs_WaitSys ==22387== at 0x40965FE: accept (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) Thread 5: status = VgTs_WaitSys ==22387== at 0x4162CD7: select (in /lib/tls/libc-2.3.6.so) ==22387== by 0x404842A: ldap_result (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x804BFDB: myldap_get_entry (myldap.c:898) ==22387== by 0x805119B: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so) Thread 6: status = 
VgTs_Runnable ==22387== at 0x401CFA5: free (vg_replace_malloc.c:233) ==22387== by 0x41D7749: ber_memfree (in /usr/lib/liblber.so.2.0.130) ==22387== by 0x41D5E6B: ber_free_buf (in /usr/lib/liblber.so.2.0.130) ==22387== by 0x41D5F1E: ber_free (in /usr/lib/liblber.so.2.0.130) ==22387== by 0x40469EC: ldap_msgfree (in /usr/lib/libldap_r.so.2.0.130) ==22387== by 0x804BDC2: myldap_entry_free (myldap.c:177) ==22387== by 0x804BF91: myldap_get_entry (myldap.c:885) ==22387== by 0x805119B: nslcd_group_all (group.c:360) ==22387== by 0x804ADD1: worker (nslcd.c:379) ==22387== by 0x40910BC: start_thread (in /lib/tls/libpthread-2.3.6.so) ==22387== by 0x416A01D: clone (in /lib/tls/libc-2.3.6.so)

Note: see also the FAQ.txt in the source distribution. It contains workarounds to several common problems. If that doesn't help, please report this bug to: www.valgrind.org In the bug report, send all the above text, the valgrind version, and what Linux distro you are using. Thanks.

I hope this too can help narrow the issue down.

Happy hacking,
--
Petter Reinholdtsen
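A triage pass over memcheck output like the log above, as an added example (not part of the original mail, and not nslcd or valgrind code): it splits the flattened text back into error records and reports, for each invalid access, the first application frame and the heap block memcheck relates the address to. `SAMPLE_LOG` is a shortened excerpt of that log, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed input: four error records excerpted from the log above (stacks
# shortened), kept in the flattened one-line form the mail archive produced.
SAMPLE_LOG = (
    "==22387== Thread 5: "
    "==22387== Invalid read of size 1 "
    "==22387== at 0x401E211: strlen (mc_replace_strmem.c:246) "
    "==22387== by 0x8050EC8: write_group (group.c:237) "
    "==22387== Address 0x6EF0D3A is 0 bytes after a block of size 202 alloc'd "
    "==22387== at 0x401D487: realloc (vg_replace_malloc.c:306) "
    "==22387== by 0x8050E70: write_group (group.c:215) "
    "==22387== "
    "==22387== Invalid write of size 1 "
    "==22387== at 0x401E9A0: strcpy (mc_replace_strmem.c:272) "
    "==22387== by 0x8054254: dn2uid (passwd.c:156) "
    "==22387== Address 0x6EF0D5E is not stack'd, malloc'd or (recently) free'd "
    "==22387== "
    "==22387== Invalid write of size 1 "
    "==22387== at 0x401E9A9: strcpy (mc_replace_strmem.c:272) "
    "==22387== by 0x8054254: dn2uid (passwd.c:156) "
    "==22387== by 0x8050EBE: write_group (group.c:236) "
    "==22387== Address 0x6EF0D60 is 16 bytes before a block of size 18 free'd "
    "==22387== at 0x401CFA5: free (vg_replace_malloc.c:233) "
    "==22387== by 0x41D7749: ber_memfree (in /usr/lib/liblber.so.2.0.130) "
    "==22387== by 0x804B862: get_exploded_rdn (myldap.c:1154) "
    "==22387== "
    "==22387== Invalid write of size 1 "
    "==22387== at 0x8051037: write_group (group.c:247) "
    "==22387== by 0x80511C1: nslcd_group_all (group.c:360) "
    "==22387== Address 0x6EF0DD0 is 24 bytes inside a block of size 27 free'd "
    "==22387== at 0x401CFA5: free (vg_replace_malloc.c:233) "
    "==22387== by 0x804B862: get_exploded_rdn (myldap.c:1154) "
)

MARKER = re.compile(r"==\d+==")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((.*)\)$")
BLOCK = re.compile(r"is (\d+) bytes (before|inside|after) a block of size (\d+) (alloc'd|free'd)")
ERROR_KINDS = ("Invalid read", "Invalid write", "Conditional jump", "Syscall param")
# Valgrind's own interposed libc replacements; never the real fault site.
SHIMS = ("mc_replace_strmem.c", "vg_replace_malloc.c")


def app_frame(frames):
    """First frame carrying file:line debug info that is not a valgrind shim."""
    for func, loc in frames:
        if re.fullmatch(r"[\w.+-]+:\d+", loc) and not loc.startswith(SHIMS):
            return f"{func} ({loc})"
    return None


def parse_memcheck(text):
    """Split a (possibly flattened) memcheck log into error records."""
    records, cur, thread = [], None, None
    for field in (f.strip() for f in MARKER.split(text)):
        m = FRAME.match(field)
        if re.fullmatch(r"Thread \d+:", field):
            thread = field[:-1]
        elif field.startswith(ERROR_KINDS):     # headline opens a new record
            cur = {"kind": field, "thread": thread,
                   "stack": [], "aux": [], "address": None}
            records.append(cur)
        elif cur is None:                       # banner text, sched status, ...
            continue
        elif m:                                 # frames after "Address" describe the block
            cur["aux" if cur["address"] else "stack"].append(m.groups())
        elif field.startswith("Address "):
            cur["address"] = field
        else:                                   # bare "==PID==" closes the record
            cur = None
    return records


def triage(records):
    """One finding per record: fault site, related heap block, block's origin."""
    out = []
    for r in records:
        blk = BLOCK.search(r["address"] or "")
        out.append({
            "kind": r["kind"], "thread": r["thread"],
            "site": app_frame(r["stack"]),
            "block": f"{blk[1]} bytes {blk[2]} {blk[4]} block of size {blk[3]}" if blk else None,
            "block_origin": app_frame(r["aux"]),
        })
    return out


def write_sites(findings):
    """Application frames responsible for invalid writes (heap corruption)."""
    return Counter(f["site"] for f in findings if f["kind"].startswith("Invalid write"))


if __name__ == "__main__":
    for f in triage(parse_memcheck(SAMPLE_LOG)):
        print(f)
    print(write_sites(triage(parse_memcheck(SAMPLE_LOG))))
```

Run over the full log, the same grouping separates the uninitialised-value noise inside ld.so and libsasl2 from the invalid writes that originate in nslcd's own frames.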