[samba4] thread safety in charcnv & iconv

Karl Melcher kmelcher at gmail.com
Fri Sep 2 15:05:21 GMT 2005

I have been experiencing a segfault in a test client that uses RPC pipes via 
samba4. This client opens multiple threads to different hosts using 
dcerpc_pipe_connect(). The problem occurs during a system call to iconv() in 
lib/charset/iconv.c inside sys_iconv(). According to the man pages for 
iconv, it changes the state of the passed in descriptor during the 

The table of descriptors used (conv_handles[][]) is initialized on demand 
and is stored in a static array shared between threads. If two or more 
client threads are using the same descriptor that ultimately is used in a 
call to iconv, upon exit from iconv the return code is 0 (OK), but the 
outbytesleft argument is a very large (random) number. A later segfault 
occurs due to large string size. 

I don't yet have a patch for this, but think that sharing the descriptors 
may be a bad idea. A synchronization object may help, but if the state is in 
the descriptor, then they should never be shared between threads. 

I'll keep digging into the use of the iconv and descriptors and see if I can 
find a solution. Any information in this area is appreciated.


More information about the samba-technical mailing list