64bit problems in 2.0.5a
Darren Reed
darrenr at telnetmedia.com
Fri Jan 28 05:29:38 GMT 2000
The first problem I found is at nmbd/nmbd_winsserver.c:814 (or thereabouts):
...
if( namerec != NULL )
{
char ud[sizeof(struct userdata_struct) + sizeof(struct packet_struct *)];
struct userdata_struct *userdata = (struct userdata_struct *)ud;
...
"struct userdata_struct" contains pointers as the first few records.
It is possible for ud to be stored on an address boundary which is not
a multiple of 8 and hence cause a bus error when trying to access the
first element - copy_fn - which is a pointer. Stack trace is as follows:
(dbx) where
[1] _libc_kill(0x0, 0x6, 0x0, 0x0, 0xffffffffffffffff, 0x1001524f8), at 0xffff
ffff7efa3198
[2] abort(0xffffffff7f0affb8, 0x100138958, 0x10013ac58, 0x97b, 0x100138908, 0x
2b), at 0xffffffff7ef4115c
[3] smb_panic(why = 0x100138958 "internal error"), line 2429 in "util.c"
[4] fault_report(sig = 10), line 45 in "fault.c"
[5] sig_fault(sig = 10), line 65 in "fault.c"
[6] sigacthandler(0xa, 0x0, 0xffffffff7fffe5a0, 0xa, 0x0, 0x1), at 0xffffffff7
efa268c
---- called from signal handler with signal 10 (SIGBUS) ------
=>[7] wins_process_multihomed_name_registration_request(subrec = 0x10015f3e0, p
= 0x10016b750), line 1131 in "nmbd_winsserver.c"
[8] process_nmb_request(p = 0x10016b750), line 1488 in "nmbd_packets.c"
[9] run_packet_queue(), line 1588 in "nmbd_packets.c"
[10] process(), line 265 in "nmbd.c"
[11] main(argc = 4, argv = 0xffffffff7fffede8), line 783 in "nmbd.c"
(dbx)
Using "long" instead of "char" as:
long ud[(sizeof(foo) + sizeof(bar))/sizeof(long) + 1];
seems to solve the problem (the +1 is there to take care of truncation).
It would appear this problem is elsewhere in samba code too.
Darren
More information about the samba-technical
mailing list