smbclient core dump
Patrick Welche
prlw1 at newn.cam.ac.uk
Wed Dec 4 18:58:00 GMT 2002
With aforementioned Dec 4 17:52 GMT CVS code, I get a core dump from
smbclient -L //machine
Core was generated by `smbclient'.
Program terminated with signal 11, Segmentation fault.
#0 0x807ccff in push_string (base_ptr=0x0, dest=0x8130028,
src=0x80a70a0 "PC NETWORK PROGRAM 1.0", dest_len=4294967295, flags=1)
at lib/charcnv.c:721
721 if (!(flags & STR_ASCII) && \
(gdb) bt
#0 0x807ccff in push_string (base_ptr=0x0, dest=0x8130028,
src=0x80a70a0 "PC NETWORK PROGRAM 1.0", dest_len=4294967295, flags=1)
at lib/charcnv.c:721
#1 0x806d367 in clistr_push (cli=0x812d000, dest=0x8130028,
src=0x80a70a0 "PC NETWORK PROGRAM 1.0", dest_len=-1, flags=1)
at /usr/src/local/samba/source/libsmb/clistr.c:25
#2 0x805eb11 in cli_negprot (cli=0x812d000) at libsmb/cliconnect.c:899
#3 0x804f1bc in do_connect (server=0xbfbfb670 "machine",
share=0x80a2309 "IPC$") at client/client.c:2399
#4 0x804f926 in do_host_query (query_host=0xbfbfb670 "machine")
at client/client.c:2589
#5 0x805074e in main (argc=3, argv=0xbfbfbbe0) at client/client.c:3023
#6 0x804a8c4 in ___start ()
I think the clue is dest_len: it is set to -1 in libsmb/cliconnect.c:899,
libsmb/clistr.c:25 clistr_push(... int dest_len ...)
lib/charcnv.c:719 push_string(... size_t dest_len ...)
and for me size_t is unsigned int.
push_ascii then does the right thing if it receives a -1, but of course
it doesn't, as dest_len has just become unsigned; on the other hand, you
do compare to (size_t)-1... so it should be all right.
Thoughts?
Cheers,
Patrick
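Added illustration of the int-to-size_t point above; this is constructed example code, not Samba's push_string/clistr_push, and the demo_* names, the "(size_t)-1 means unlimited" convention and the truncation behaviour are assumptions for the demo:

```c
/* Constructed example (not Samba code): an int dest_len of -1 survives the
 * implicit conversion to size_t and still compares equal to (size_t)-1, so a
 * copy routine must test for that sentinel explicitly rather than use it as
 * an arithmetic bound. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for push_string(): copies src into dest as ASCII.
 * dest_len == (size_t)-1 means "no limit" (caller guarantees room); any
 * other value is a hard bound that includes the terminating NUL.
 * Returns the number of bytes written, including the NUL. */
size_t demo_push_ascii(char *dest, const char *src, size_t dest_len)
{
    size_t len = strlen(src) + 1;   /* bytes needed including NUL */
    if (dest_len != (size_t)-1 && len > dest_len) {
        /* Bounded copy: truncate and keep the NUL inside the buffer. */
        if (dest_len == 0)
            return 0;
        memcpy(dest, src, dest_len - 1);
        dest[dest_len - 1] = '\0';
        return dest_len;
    }
    memcpy(dest, src, len);
    return len;
}

/* Hypothetical stand-in for clistr_push(): takes a signed length and passes
 * it straight through, as in the backtrace (int -1 becomes size_t). */
size_t demo_clistr_push(char *dest, const char *src, int dest_len)
{
    return demo_push_ascii(dest, src, dest_len);  /* implicit conversion */
}

/* Returns 1 if a signed -1 converted to size_t equals (size_t)-1. */
int demo_sentinel_survives(void)
{
    int signed_len = -1;
    size_t unsigned_len = signed_len;   /* e.g. 4294967295 on 32-bit */
    return unsigned_len == (size_t)-1;
}

int main(void)
{
    char buf[64];
    size_t n = demo_clistr_push(buf, "PC NETWORK PROGRAM 1.0", -1);
    printf("sentinel ok: %d, wrote %zu bytes: \"%s\"\n",
           demo_sentinel_survives(), n, buf);
    n = demo_clistr_push(buf, "PC NETWORK PROGRAM 1.0", 8);
    printf("bounded to 8: wrote %zu bytes: \"%s\"\n", n, buf);
    return 0;
}
```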