smbd crash
Olivier Sessink
oliviersessink at gmail.com
Tue Apr 13 14:33:15 MDT 2010
On the regular samba list this was posted:
http://lists.samba.org/archive/samba/2010-April/155070.html
-----------------------------------------
==32107== Invalid read of size 4
==32107== at 0x4B86AF9: (within /usr/lib/samba/vfs/scannedonly.so)
==32107== by 0x815234F: smb_vfs_call_open (in /usr/sbin/smbd)
==32107== by 0x8149F56: (within /usr/sbin/smbd)
==32107== by 0x814C059: create_file_default (in /usr/sbin/smbd)
==32107== by 0x8189161: (within /usr/sbin/smbd)
==32107== by 0x81523FE: smb_vfs_call_create_file (in /usr/sbin/smbd)
==32107== by 0x83E165A: (within /usr/sbin/smbd)
==32107== by 0x83E1B7B: clean_up_driver_struct (in /usr/sbin/smbd)
==32107== by 0x82D179D: _spoolss_AddPrinterDriver (in /usr/sbin/smbd)
==32107== by 0x82D1E07: _spoolss_AddPrinterDriverEx (in /usr/sbin/smbd)
==32107== by 0x82E362C: (within /usr/sbin/smbd)
==32107== by 0x83272EA: api_pipe_request (in /usr/sbin/smbd)
==32107== Address 0x18 is not stack'd, malloc'd or (recently) free'd
It would be very helpful if you could recompile with -g to
get line numbers. From the message we see that apparently
some pointer (very likely "fsp") is NULL while
scannedonly_open is called.
-----------------------------------------
Invalid read of size 4 suggests a (64bit) pointer or integer, right?
However, fsp is not used in scannedonly_open (it is only passed to the
NEXT() call), only handle and fname are used. Can 'handle' or 'fname' be
NULL in a VFS _open call?
regards,
Olivier
More information about the samba-technical
mailing list