infinite loop in winbind_child_died
Herb Lewis
hlewis at panasas.com
Mon Jan 12 16:29:44 GMT 2009
This is in samba 3.0.26a code.
I have run into a few cases where something will corrupt the
struct winbindd_child linked list so that the following loop
in winbind_child_died does not terminate:

    for (child = children; child != NULL; child = child->next) {
        if (child->pid == pid) {
            break;
        }
    }

What happens is that the last "real" entry in the list ends up
having a next pointer that points to the first entry (instead of being
NULL), making an infinite loop. This happens rarely so I have not been
able to catch how the corruption happens and the core files have only
let me see the above effect. I added debug messages to see when a child
was forked and when it died and I see the new child get forked before
the previous one prints its "died" message.
Does this sound like something that has been fixed in the 3.2.x code?
Any ideas where I should look?
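
The list shape described in the post, reproduced as an added example that is not part of the original message or of the Samba source: head-inserting the tail node a second time while it is still linked leaves the last entry pointing at the first, and a tortoise/hare walk lets the lookup stop instead of spinning. The names child_node, add_head, find_child and demo are hypothetical, and the double insertion is an assumed cause chosen for illustration, not a diagnosis of the reported corruption.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in node: only the two fields the quoted loop touches. */
struct child_node {
    struct child_node *next;
    pid_t pid;
};

/* Assumed head insertion with no "is it already linked?" check. */
static void add_head(struct child_node **head, struct child_node *n)
{
    n->next = *head;
    *head = n;
}

/* Same search as the quoted loop, plus a Floyd tortoise/hare check.
 * Returns 0 if pid is found, 1 if the list ends, -1 if the list is cyclic. */
static int find_child(struct child_node *head, pid_t pid)
{
    struct child_node *slow = head, *fast = head;
    while (slow != NULL) {
        if (slow->pid == pid)
            return 0;
        slow = slow->next;
        fast = (fast && fast->next) ? fast->next->next : NULL;
        if (fast != NULL && fast == slow)
            return -1;      /* cycle: report corruption, do not spin */
    }
    return 1;
}

/* Constructed data: list a -> b -> c; optionally add tail node c again. */
static int demo(pid_t pid, int relink_tail)
{
    struct child_node a = {NULL, 101}, b = {NULL, 102}, c = {NULL, 103};
    struct child_node *head = NULL;
    add_head(&head, &c);
    add_head(&head, &b);
    add_head(&head, &a);
    if (relink_tail)
        add_head(&head, &c);    /* now c -> a -> b -> c -> ... */
    return find_child(head, pid);
}

int main(void)
{
    printf("intact: %d, relinked: %d\n", demo(999, 0), demo(999, 1));
    return 0;
}
```

A pid that is present is still found before the cycle check fires when it lies on the part of the list the slow pointer has already visited; otherwise the walk reports the cycle first.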