Does anyone here have experience with 64-bit compiled Samba on SPARC?

Ralph Boehme rb at sernet.de
Thu Nov 26 10:21:56 UTC 2015


Hi,

On Thu, Nov 26, 2015 at 06:20:40AM +0100, Jiri Sasek - Solaris Prague wrote:
> Hi geeks,
> 
> I have built 64bits Samba and winbindd is receiving the SIGBUS(*)
> 
> ...on:
> 
> libsmbconf.so.0`talloc_dict_traverse_fn+0xf0:   ldx [%l2], %l3
> 
> 
> where l2 is equal to 2b50c7275c as can be seen from stackregs trace:
> ...
> fffffdfa7f4001a1
> libsmbconf.so.0`talloc_dict_traverse_fn+0xf0(fffffdfa7f400be0,
> fffffdfa7f401190, fffffdfa7f400bf8, fffffdfa7f400bd8, 1, fffffdfa7f400c20)
>   %l0-%l3:    7ffc619014800               44 2b50c7275c               44
>   %l4-%l7:       2b50c72718               44 2b50c72718               44
>   libdbwrap.so`db_rbt_traverse_internal+0x198:jmpl %l3, %o7
> ...
> 
> and:
> >2b50c7275c,10::dump
>               0 1 2 3  4 5 6 7  8 9 a b \/ d e f 0123456789abvdef
> 2b50c72750:  00000000 00000000 00000000 0000002b ...............+
> 2b50c72760:  50c73170 000a8750 0000002b 50c72500 P.1p...P...+P.%.
> 
> So I suppose the problem is the 0x2b50c7275c address is not 64-bit
> aligned.
> 
> I have also localized the problem is (with some [RISC optimized code]
> uncertainty :-) ) in samba-4.1.17/source3/lib/talloc_dict.c
> (talloc_dict_traverse_fn) line:
> 
> 148	return state->fn(data_blob_const(key.dptr, key.dsize),
> 149			 *(void **)value.dptr, state->private_data);
> 
> 3rd parameter evaluation:
> 
> state->private_data  ...dereferencing.

I don't think it's state->private_data, I guess it's value.dptr. Can
you please test the attached patch?

-Ralph

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de
-------------- next part --------------
From d0da6b748b4671ed1405eef69d19d9a6e3851c3d Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Thu, 26 Nov 2015 11:10:38 +0100
Subject: [PATCH] s3:talloc_dict: fix a SIGBUS when dereferencing unaligned
 pointers

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/lib/talloc_dict.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/lib/talloc_dict.c b/source3/lib/talloc_dict.c
index 71ab899..7594679 100644
--- a/source3/lib/talloc_dict.c
+++ b/source3/lib/talloc_dict.c
@@ -72,7 +72,7 @@ bool talloc_dict_set(struct talloc_dict *dict, DATA_BLOB key, void *pdata)
 			TALLOC_FREE(rec);
 			return false;
 		}
-		old_data = *(void **)(value.dptr);
+		memcpy(&old_data, value.dptr, sizeof(old_data));
 		TALLOC_FREE(old_data);
 		if (data == NULL) {
 			status = dbwrap_record_delete(rec);
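Review bot: the new memcpy into old_data copies sizeof(old_data) bytes from value.dptr, but no check of value.dsize is visible in this hunk's context. talloc_dict_traverse_fn rejects a record with `value.dsize != sizeof(void *)` before it reads the value; the same guard should sit in front of this copy if it is not already there, otherwise a short record is over-read before TALLOC_FREE(old_data) runs on the result.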
@@ -138,6 +138,7 @@ static int talloc_dict_traverse_fn(struct db_record *rec, void *private_data)
 	TDB_DATA value;
 	struct talloc_dict_traverse_state *state =
 		(struct talloc_dict_traverse_state *)private_data;
+	void *p;
 
 	key = dbwrap_record_get_key(rec);
 	value = dbwrap_record_get_value(rec);
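Review bot: `void *p;` is declared uninitialised and the name says nothing about what it holds. Something like `void *data = NULL;` reads better at the state->fn() call and keeps static analysers quiet about the early `return -1` path.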
@@ -145,8 +146,10 @@ static int talloc_dict_traverse_fn(struct db_record *rec, void *private_data)
 	if (value.dsize != sizeof(void *)) {
 		return -1;
 	}
+
+	memcpy(&p, value.dptr, sizeof(p));
 	return state->fn(data_blob_const(key.dptr, key.dsize),
-			 *(void **)value.dptr, state->private_data);
+			 p, state->private_data);
 }
 
 /*
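Review bot: the memcpy that replaces `*(void **)value.dptr` carries no comment saying why the cast was dropped, so a later cleanup could easily turn it back into a direct dereference. A one-line comment above it stating that value.dptr is not guaranteed to be pointer-aligned would prevent that. The same copy now appears in talloc_dict_set as well, so a small static helper would keep both sites consistent. The commit message has only a subject line; a body naming the symptom and platform would help anyone bisecting later.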
-- 
2.5.0
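The alignment problem discussed in this thread, as an added example that is not part of the original mail or of Samba's code: it checks the traced address against an 8-byte boundary and loads a stored pointer from a misaligned buffer with memcpy. `struct blob`, `misalignment`, `load_stored_ptr` and `demo_roundtrip` are hypothetical names, and the buffer contents are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a record value: raw bytes plus a length. */
struct blob {
	unsigned char *dptr;
	size_t dsize;
};

/* Bytes by which addr misses a power-of-two alignment (0 means aligned). */
static unsigned misalignment(uint64_t addr, unsigned align)
{
	return (unsigned)(addr & (uint64_t)(align - 1));
}

/* Load a pointer stored as raw bytes. memcpy has no alignment requirement,
 * unlike a direct *(void **) load, which traps on strict-alignment CPUs. */
static int load_stored_ptr(struct blob value, void **out)
{
	if (value.dsize != sizeof(*out)) {
		return -1;	/* never copy from a short or oversized record */
	}
	memcpy(out, value.dptr, sizeof(*out));
	return 0;
}

/* Constructed case: the pointer is stored 4 bytes past an 8-byte boundary. */
static int demo_roundtrip(void)
{
	static int target = 42;
	static uint64_t backing[4];	/* uint64_t keeps the base 8-byte aligned */
	unsigned char *raw = (unsigned char *)backing + 4;
	void *stored = &target;
	void *loaded = NULL;
	struct blob value = { raw, sizeof(stored) };

	memcpy(raw, &stored, sizeof(stored));
	if (load_stored_ptr(value, &loaded) != 0) {
		return -1;
	}
	return loaded == (void *)&target ? *(int *)loaded : -2;
}

int main(void)
{
	printf("0x2b50c7275c is off by %u bytes\n", misalignment(0x2b50c7275cULL, 8));
	printf("value read through the loaded pointer: %d\n", demo_roundtrip());
	return 0;
}
```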


