Crash in CLEAR_IF_FIRST handling in tdb
Rusty Russell
rusty at rustcorp.com.au
Wed Oct 3 01:48:53 MDT 2012
Volker Lendecke <Volker.Lendecke at SerNet.DE> writes:
> Hi Rusty!
>
> Under
> http://git.samba.org/?p=vl/samba.git/.git;a=shortlog;h=refs/heads/tdb
> find a patchset that for me fixes a crash in winbind in tdb.
> For the explanation, see the second patch from the top.
Good catch!
Your fix here should stop a crash when accessing the header, but the
rest of the mmapped database is still going to cause SEGV, no? We only
re-map it when we see an offset which is out-of-bounds (vs the
locally-cached tdb->map_size variable).
To fix that we'd need to avoid ftruncate. We could either unlink and
re-create the database, or simply put the rest of the database as a huge
freelist entry. This will prevent crashes, though there may be other
weirdness.
Thoughts?
Rusty.
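An added illustration of the mismatch discussed above (example code, not tdb's own or from the patchset): the cached map size still says an offset is in-bounds after another process has ftruncate()d the mmapped file, so a bounds check against the cached size alone is not enough. The struct and function names (db_map, db_check_offset, db_open_and_shrink) and the /tmp path are hypothetical.

```c
/* Added example (not tdb code): a cached map_size is not a safe bound
 * once the underlying file has been truncated behind the mapping. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

struct db_map {
    int fd;
    unsigned char *map;
    size_t map_size;   /* cached at mmap time, like tdb->map_size */
};

/* Return 0 if [off, off+len) is backed by the file right now,
 * -1 if it lies past the cached size (the check tdb already does),
 * -2 if the cached size allows it but the real file no longer does.
 * Dereferencing the mapping in the -2 case faults despite the check. */
int db_check_offset(struct db_map *db, size_t off, size_t len)
{
    struct stat st;
    if (off + len > db->map_size)
        return -1;
    if (fstat(db->fd, &st) != 0 || off + len > (size_t)st.st_size)
        return -2;
    return 0;
}

/* Create a file of `size` bytes, mmap it, then shrink the file to
 * `shrink_to` bytes without re-mapping, as a CLEAR_IF_FIRST style
 * ftruncate() in another process would do to this one's mapping.
 * Uses a constructed temp file; returns 0 on success, -1 on error. */
int db_open_and_shrink(struct db_map *db, size_t size, size_t shrink_to)
{
    char path[] = "/tmp/dbmapXXXXXX";   /* hypothetical scratch path */
    db->fd = mkstemp(path);
    if (db->fd < 0)
        return -1;
    unlink(path);
    if (ftruncate(db->fd, (off_t)size) != 0)
        return -1;
    db->map = mmap(NULL, size, PROT_READ, MAP_SHARED, db->fd, 0);
    if (db->map == MAP_FAILED)
        return -1;
    db->map_size = size;                /* stale from here on */
    return ftruncate(db->fd, (off_t)shrink_to) == 0 ? 0 : -1;
}
```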