Problems handling chain offsets with OS/2's WriteAndX/ReadAndX

samba.10.maazl at samba.10.maazl at
Fri Aug 5 19:49:06 MDT 2011

I have problems with client errors and file corruption with OS/2 
clients. They are triggered by writex commands that fail.

In fact, the implementation of reply_write_and_X in smbd/reply.c has 
changed significantly since Samba 3.2.something, and since then I have 
had problems with OS/2 and eComStation clients.

This time MP3 files get corrupted when invoking an ID3 tag editor.
The "chained or invalid word length" check in is_valid_writeX_buffer 
triggers. Obviously this check is contradictory to reply_write_and_X, 
which accepts 14 and *12* in word count (req->wct). I disabled the 
check, but this only raised further length check problems in process.c. 
I think Samba can no longer handle WriteAndX with word count 12.

Samba version is 3.5.6

Level 10 log available at
The interesting part starts at line 2065.

The same test case on a Windows server (XP) succeeds.
tshark log available at

The first difference is the returned offset in the WriteAndX reply. 
Windows returns 47 while Samba returns 48 - whatever this means.
I disabled all checks in process.c chain_reply to get that far.

Any ideas how to get things working again?

