Found another segv running SAMBA_3_0_RELEASE on Solaris.....
Jeremy Allison
jra at samba.org
Fri Jan 27 17:04:49 GMT 2006
On Fri, Jan 27, 2006 at 08:26:13AM -0600, Gerald (Jerry) Carter wrote:
>
> Gerald (Jerry) Carter wrote:
> > Folks,
> >
> > Looks like https://bugzilla.samba.org/bug/3346 is not
> > entirely fixed. Tracking it down now. Needless to say,
> > until this is fixed, the 3.0.21b release is delayed.
>
> Either it's a bad merge on my part or we have more memory
> alignment problems.
>
> (gdb)
> #6 0x000defac in open_mode_check (conn=0x4f7a70, fname=0xffbff3f8
> "firefox/localstore.rdf", lck=0x4e41c8, access_mask=<error type>,
> share_access=<error type>, create_options=<error type>,
> file_existed=0xffbfee0c) at smbd/open.c:588
>
> 588 validate_my_share_entries(i, &lck->share_modes[i]);
>
> (gdb) print *lck
> $3 = {servicepath = 0x53b2a8 "/export/u1/public", filename = 0x4edb28
> "firefox/localstore.rdf", dev = <error type>, ino = 373185,
> num_share_modes = 2, share_modes = 0x4df140, delete_on_close = 0,
> fresh = 0, modified = 0}
>
> (gdb) print lck->share_modes[0]
> $4 = {pid = {pid = 19101}, op_mid = 47489, op_type = 64,
> access_mask = <error type>, share_access = <error type>,
> private_options = <error type>, time = {tv_sec = 1138371567,
> tv_usec = 55765}, dev = <error type>, inode = 373185,
> share_file_id = <error type>}

The problem is actually here in locking/locking.c:

    457 lck->share_modes = talloc_memdup(lck, dbuf.dptr+sizeof(*data),
    458                                  lck->num_share_modes *
    459                                  sizeof(struct share_mode_entry));

Rather than a memdup this needs to be a talloc, then a copy-out.
I'll look at fixing it.

Jeremy.