[PATCH] fix crash in winbindd in tevent_req_poll().

Stefan (metze) Metzmacher metze at samba.org
Fri Apr 17 11:46:18 GMT 2009


boyang schrieb:
> hi, everyone:
>     Have a look at close_conns_after_fork, dom->conn.cli->fd = -1. That
> is to say, it is just set to -1 and not freed. And this is the problem,
> pipes might be there after fork! Then have a look at connection after
> fork, cm_connect_sam() --> invalidate_cm_connection() , pipes might not
> be null, but cli->fd == -1. Then look at the destructor
> rpc_transport_np_state_destructor(), fd(-1) is added to fd_events list
> and FD_SET will set it in fd sets, 0xFFFFFFFF is so large that FD_SET()
> access invalid memory...
>     Patch is for master.
>     Please correct me if I am wrong. Thanks!

I can't see what it has to do with tevent_req_poll()...
I assume it's just bad luck because the memory is corrupted, right?

Could you please remove the reference to tevent_req_poll()
from the commit message?

metze
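
The failure described in the quoted message, a descriptor of -1 reaching FD_SET(), can be stopped at the point where descriptors are added to the set. This is an added example, not code from the patch or from Samba; `fdset_add_checked` and `build_read_set` are hypothetical names and the descriptor list is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not a Samba function): add fd to the set only if
 * FD_SET() would stay inside the fd_set bitmap. FD_SET() itself does no
 * range check, so -1 or fd >= FD_SETSIZE indexes outside the bitmap. */
static bool fdset_add_checked(int fd, fd_set *set, int *maxfd)
{
    if (set == NULL || fd < 0 || fd >= FD_SETSIZE) {
        return false; /* closed marker (-1) or too large: refuse */
    }
    FD_SET(fd, set);
    if (maxfd != NULL && fd > *maxfd) {
        *maxfd = fd;
    }
    return true;
}

/* Build a read set from a list of descriptors, skipping invalid ones.
 * Returns how many were skipped so the caller can log or assert on it. */
static int build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    int skipped = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (!fdset_add_checked(fds[i], set, maxfd)) {
            skipped++;
        }
    }
    return skipped;
}

int main(void)
{
    /* Constructed input: 0 is valid, -1 mimics a descriptor that was
     * marked closed but is still registered, FD_SETSIZE is one past
     * the last valid bit. */
    int fds[] = { 0, -1, FD_SETSIZE };
    fd_set rset;
    int maxfd;
    int skipped = build_read_set(fds, 3, &rset, &maxfd);

    printf("skipped=%d maxfd=%d\n", skipped, maxfd);
    return 0;
}
```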

