segfaults testing winbindd in trunk

John P Janosik jpjanosi at us.ibm.com
Wed May 25 20:32:06 GMT 2005





> On Tue, May 24, 2005 at 03:08:33PM -0700, Jeremy Allison wrote:
> > Looks like memory corruption to me. Have you tried valgrinding it ?
> > We'll need to be careful in ensuring this new code is safe.

I've run winbindd through valgrind but I can't see how to fix the problem.
I've included examples of two kinds of patterns I see in the valgrind
output so far.

Invalid read of size 4
==14825==    at 0x808F3DA: async_request (nsswitch/winbindd_dual.c:291)
==14825==    by 0x808F73F: async_domain_request (nsswitch/winbindd_dual.c:381)
==14825==    by 0x8091483: do_async_domain (nsswitch/winbindd_async.c:110)
==14825==    by 0x8092C3F: winbindd_lookupname_async (nsswitch/winbindd_async.c:665)
==14825==    by 0x807518D: winbindd_getpwnam (nsswitch/winbindd_user.c:343)
==14825==    by 0x8072A8F: process_request (nsswitch/winbindd.c:332)
==14825==    by 0x8073176: request_recv (nsswitch/winbindd.c:530)
==14825==    by 0x8072DE8: rw_callback (nsswitch/winbindd.c:403)
==14825==    by 0x807399C: process_loop (nsswitch/winbindd.c:805)
==14825==    by 0x807424A: main (nsswitch/winbindd.c:1048)
==14825==  Address 0x1BCCDC28 is 40 bytes inside a block of size 72 free'd
==14825==    at 0x1B903A5D: free (vg_replace_malloc.c:152)
==14825==    by 0x80EC00F: talloc_free (lib/talloc.c:564)
==14825==    by 0x80EBE0C: talloc_free_children (lib/talloc.c:504)
==14825==    by 0x80EBF11: talloc_free (lib/talloc.c:550)
==14825==    by 0x807344E: remove_client (nsswitch/winbindd.c:626)
==14825==    by 0x8073582: remove_idle_client (nsswitch/winbindd.c:662)
==14825==    by 0x8073B46: process_loop (nsswitch/winbindd.c:835)
==14825==    by 0x807424A: main (nsswitch/winbindd.c:1048)

==14825== Syscall param write(buf) points to unaddressable byte(s)
==14825==    at 0x1BB05F8E: __write_nocancel (in /lib/tls/libc-2.3.2.so)
==14825==    by 0x807399C: process_loop (nsswitch/winbindd.c:805)
==14825==    by 0x807424A: main (nsswitch/winbindd.c:1048)
==14825==  Address 0x1C990C34 is 44 bytes inside a block of size 3184 free'd
==14825==    at 0x1B903A5D: free (vg_replace_malloc.c:152)
==14825==    by 0x80EC00F: talloc_free (lib/talloc.c:564)
==14825==    by 0x80EBE0C: talloc_free_children (lib/talloc.c:504)
==14825==    by 0x80EBF11: talloc_free (lib/talloc.c:550)
==14825==    by 0x807344E: remove_client (nsswitch/winbindd.c:626)
==14825==    by 0x8073582: remove_idle_client (nsswitch/winbindd.c:662)
==14825==    by 0x8073B46: process_loop (nsswitch/winbindd.c:835)
==14825==    by 0x807424A: main (nsswitch/winbindd.c:1048)

Thanks,

John
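
Both traces above have the same shape: a block is released through remove_idle_client -> remove_client -> talloc_free and is read afterwards (by async_request in the first trace, by a write() in the second). The following is an added example, not Samba code and not a patch from this thread: a minimal C model of one way to guard against that lifetime bug, in which the idle reaper skips any client that still has a request in flight. Every name in it (struct client, request_pending, add_client, reap_idle_client, complete_request) is hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical model, not Samba code: per-client state that an in-flight
 * async request may still point at. */
struct client {
    int id;
    long last_active;
    bool request_pending;      /* true while a request holds this pointer */
    struct client *next;
};

static struct client *clients; /* singly linked list of connected clients */

static struct client *add_client(int id, long last_active)
{
    struct client *c = calloc(1, sizeof(*c));
    if (c == NULL)
        abort();
    c->id = id;
    c->last_active = last_active;
    c->next = clients;
    clients = c;
    return c;
}

/* Free the least recently active client that has no request in flight.
 * Returns the reaped id, or -1 when every client is busy or none exist. */
static int reap_idle_client(void)
{
    struct client **pp, **victim = NULL, *c;
    int id;

    for (pp = &clients; *pp != NULL; pp = &(*pp)->next) {
        if ((*pp)->request_pending)
            continue;          /* freeing now would dangle the request */
        if (victim == NULL || (*pp)->last_active < (*victim)->last_active)
            victim = pp;
    }
    if (victim == NULL)
        return -1;
    c = *victim;
    id = c->id;
    *victim = c->next;         /* unlink before freeing */
    free(c);
    return id;
}

/* Request completion: c is still valid because the reaper skipped it. */
static int complete_request(struct client *c)
{
    c->request_pending = false;
    return c->id;
}
```

Running a model like this under valgrind with the `request_pending` check removed reproduces the "inside a block of size N free'd" report pattern shown in the traces.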


