infinite loop in winbind_child_died
Jeremy Allison
jra at samba.org
Mon Jan 12 18:59:44 GMT 2009
On Mon, Jan 12, 2009 at 08:29:44AM -0800, Herb Lewis wrote:
> This is in samba 3.0.26a code.
>
> I have run into a few cases where something will corrupt the
> struct winbindd_child linked list so that the following loop
> in winbind_child_died does not terminate
>
> for (child = children; child != NULL; child = child->next) {
>         if (child->pid == pid) {
>                 break;
>         }
> }
>
> What happens is that the last "real" entry in the list ends up
> having a next pointer that points to the first entry (instead of being
> NULL) making an infinite loop. This happens rarely so I have not been
> able to catch how the corruption happens and the core files have only
> let me see the above effect. I added debug messages to see when a child
> was forked and when it died and I see the new child get forked before
> the previous one prints its "died" message.
>
> Does this sound like something that has been fixed in the 3.2.x code?
> Any ideas where I should look to?
valgrind it, but there have been lots of recent changes
to this code recently :-). I'd update to latest 3.0.x
git tree and see if it's fixed.
Jeremy.
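The failure mode Herb describes (tail->next pointing back at the head) can be made impossible to spin on even before the root cause is found. The following is an added example, not code from the thread or from Samba: it uses a hypothetical stand-in for struct winbindd_child with only the two fields the quoted loop touches, and guards the same pid lookup with Floyd's tortoise-and-hare cycle check so a corrupted list is reported rather than walked forever. The constructed three-entry list in make_child_list() reproduces the corruption by hand; this does not fix whatever corrupts the real list, which is still a job for valgrind.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in for Samba's struct winbindd_child: only the two
 * fields the quoted loop touches. Not the real definition. */
struct winbindd_child {
        pid_t pid;
        struct winbindd_child *next;
};

/* Outcome of a guarded list walk. */
enum child_lookup_status {
        CHILD_FOUND = 0,
        CHILD_NOT_FOUND = 1,
        CHILD_LIST_CORRUPT = 2
};

/* Floyd's tortoise-and-hare: true if following ->next never reaches NULL,
 * i.e. some entry's next pointer leads back into the list. */
static bool child_list_has_cycle(const struct winbindd_child *children)
{
        const struct winbindd_child *slow = children;
        const struct winbindd_child *fast = children;

        while (fast != NULL && fast->next != NULL) {
                slow = slow->next;        /* one step   */
                fast = fast->next->next;  /* two steps  */
                if (slow == fast) {
                        return true;      /* they can only meet on a cycle */
                }
        }
        return false;
}

/* Same search as the quoted loop, but refuses to walk a corrupted list.
 * On CHILD_FOUND, *out points at the matching entry; otherwise *out is NULL. */
static enum child_lookup_status find_child_by_pid(struct winbindd_child *children,
                                                  pid_t pid,
                                                  struct winbindd_child **out)
{
        struct winbindd_child *child;

        *out = NULL;
        if (child_list_has_cycle(children)) {
                return CHILD_LIST_CORRUPT;
        }
        for (child = children; child != NULL; child = child->next) {
                if (child->pid == pid) {
                        *out = child;
                        return CHILD_FOUND;
                }
        }
        return CHILD_NOT_FOUND;
}

/* Constructed sample list of three children. With corrupt == true the tail's
 * next pointer is aimed at the head, exactly the state described in the report.
 * Static storage: each call rebuilds the same three nodes. */
static struct winbindd_child *make_child_list(bool corrupt)
{
        static struct winbindd_child nodes[3];

        nodes[0].pid = 101; nodes[0].next = &nodes[1];
        nodes[1].pid = 102; nodes[1].next = &nodes[2];
        nodes[2].pid = 103; nodes[2].next = corrupt ? &nodes[0] : NULL;
        return &nodes[0];
}

int main(void)
{
        struct winbindd_child *found;
        enum child_lookup_status st;

        st = find_child_by_pid(make_child_list(false), 103, &found);
        printf("healthy list, pid 103: status %d, matched pid %ld\n",
               (int)st, found != NULL ? (long)found->pid : -1L);

        st = find_child_by_pid(make_child_list(true), 999, &found);
        printf("corrupt list, pid 999: status %d (2 = list corrupt)\n", (int)st);
        return 0;
}
```

In the real daemon the CHILD_LIST_CORRUPT branch is where you would log the list state and abort rather than continue, since a winbindd that keeps running on a corrupted child list is not trustworthy; the cycle check itself is a safety net, not a substitute for finding which code path writes the bad next pointer.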