Samba 3.6.4 tdb question

Ira Cooper ira at samba.org
Tue Jun 19 15:12:42 MDT 2012


On Tue, Jun 19, 2012 at 4:21 PM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Tue, Jun 19, 2012 at 12:26:16PM -0700, Herb Lewis wrote:
>> On 06/19/2012 10:59 AM, Herb Lewis wrote:
>> >On 06/19/2012 10:33 AM, Jeremy Allison wrote:
>> >>On Tue, Jun 19, 2012 at 10:31:05AM -0700, Herb Lewis wrote:
>> >>>The file lib/tdb/common/tdb.c has a comment before the function
>> >>>tdb_parse_record
>> >>>
>> >>>* DON'T CALL OTHER TDB CALLS FROM THE PARSER, THIS MIGHT LEAD
>> >>>TO SEGFAULTS.
>> >>>
>> >>>can someone explain exactly what this means? Exactly what calls are
>> >>>not allowed?
>> >>>I've run into a case where I get a segfault because tdb_parse_record
>> >>>ends up calling
>> >>>tdb_lock_list which then calls tdb_needs_recovery which tries to do
>> >>>a tdb_read which
>> >>>then gets a segfault. So it looks like I've hit this condition.
>> >>Ooooh. That sounds interesting ! Can you post the
>> >>stack backtrace ?
>> >>
>> >>Cheers,
>> >>
>> >>    Jeremy.
>> >Unfortunately I don't have the offending tdb file but here is a
>> >partial backtrace
>
> In that backtrace I can't see anything suspicious from a
> wrong use of tdb_parse_record, but I would not say I'm not
> missing anything. In particular I don't see any recursive
> call from db_tdb_fetch_parse back into tdb. This must be
> something else as far as I can see.

What if munmap failed?  That would explain what we are seeing.  I'm
not sure anything in that stack touches the mmapped area until then.

I checked the error handling around munmap and it looks like it could
cause this exact error.  It leaves the map_ptr set.  (Look at
tdb_unmap.)

Thoughts?

-Ira

