[samba4] thread safety in charcnv & iconv
Karl Melcher
kmelcher at gmail.com
Fri Sep 2 15:05:21 GMT 2005
I have been experiencing a segfault in a test client that uses RPC pipes via
samba4. This client opens multiple threads to different hosts using
dcerpc_pipe_connect(). The problem occurs during a system call to iconv() in
lib/charset/iconv.c inside sys_iconv(). According to the man pages for
iconv, it changes the state of the passed in descriptor during the
conversion.
The table of descriptors used (conv_handles[][]) is initialized on demand
and is stored in a static array shared between threads. If two or more
client threads are using the same descriptor that ultimately is used in a
call to iconv, upon exit from iconv the return code is 0 (OK), but the
outbytesleft argument is a very large (random) number. A later segfault
occurs due to large string size.
I don't yet have a patch for this, but think that sharing the descriptors
may be a bad idea. A synchronization object may help, but if the state is in
the descriptor, then they should never be shared between threads.
I'll keep digging into the use of the iconv and descriptors and see if I can
find a solution. Any information in this area is appreciated.
Karl
More information about the samba-technical
mailing list