Potential memory corruption in fileio.c:write_file() since 3.0.20 with write cache size
Jeremy Allison
jra at samba.org
Fri Aug 3 15:56:29 GMT 2007
On Fri, Aug 03, 2007 at 08:06:46AM -0700, Jean-Francois Panisset wrote:
> The fix appears to be simple: just make sure that the condition only
> fires if you are trying to write no further than wcp->data_size from
> the current end of file:
>
> } else if ( (pos >= wcp->file_size) &&
>             (n == 1) &&
>             (pos < wcp->offset + wcp->alloc_size) &&
>             (wcp->file_size == wcp->offset + wcp->data_size)) {
>
> Minimal testing shows this to work for my case, but I haven't looked
> at the code in detail to make sure it always works. An alternative
> could be to comment out the entire if() clause and do away with the
> optimization.
Thanks for this. Jerry, this is a showstopper for 3.0.25c. I'll
fix it asap.
Jeremy.
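A constructed C model of the guard quoted above, added here as an illustration and not code from Samba's fileio.c: the struct layout and the zero-fill step are assumptions, and the point it shows is that the last term of the condition (cache contiguous with the end of file) is what keeps the fill inside the allocation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of the write cache; field names follow the quoted
 * condition, the layout and the zero-fill behaviour are assumptions. */
struct write_cache {
    long file_size;      /* current end of file */
    long offset;         /* file offset that data[0] corresponds to */
    size_t alloc_size;   /* bytes allocated at data */
    size_t data_size;    /* bytes of data currently cached */
    unsigned char *data;
};

/* The guard exactly as posted in the reply above. */
static bool one_byte_extend_allowed(const struct write_cache *wcp, long pos, size_t n)
{
    return (pos >= wcp->file_size) &&
           (n == 1) &&
           (pos < wcp->offset + (long)wcp->alloc_size) &&
           (wcp->file_size == wcp->offset + (long)wcp->data_size);
}

/* Bytes the cache would hold after zero-filling from the cached end up to
 * pos and storing one byte there. The last term of the guard makes
 * file_size - offset == data_size, so this equals pos - offset + 1,
 * which the third term keeps <= alloc_size. Without the last term the
 * gap is measured from an unrelated file_size and can exceed the buffer. */
static size_t bytes_needed_after_extend(const struct write_cache *wcp, long pos)
{
    size_t gap = (size_t)(pos - wcp->file_size);
    return wcp->data_size + gap + 1;
}

/* Absorb a one-byte write at pos into the cache. Returns the new data_size,
 * or 0 if the write is refused; the explicit bound check is belt and braces. */
static size_t cache_extend_one_byte(struct write_cache *wcp, long pos, unsigned char byte)
{
    if (!one_byte_extend_allowed(wcp, pos, 1))
        return 0;
    size_t needed = bytes_needed_after_extend(wcp, pos);
    if (needed > wcp->alloc_size)
        return 0;
    memset(wcp->data + wcp->data_size, 0, needed - 1 - wcp->data_size);
    wcp->data[needed - 1] = byte;
    wcp->data_size = needed;
    wcp->file_size = pos + 1;
    return needed;
}
```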