[PATCH] Patch for bug 11535
Ralph Böhme
rb at sernet.de
Wed Sep 30 23:43:56 UTC 2015
On Wed, Sep 30, 2015 at 04:40:24PM -0700, Jeremy Allison wrote:
> On Wed, Sep 30, 2015 at 04:30:23PM -0700, Ralph Böhme wrote:
> > On Wed, Sep 30, 2015 at 04:17:52PM -0700, Jeremy Allison wrote:
> > > On Wed, Sep 30, 2015 at 04:09:00PM -0700, Ralph Böhme wrote:
> > > > Hi,
> > > >
> > > > adding a NULL check seems to be the natural thing to fix a crash I hit
> > > > when running MTM. This passes a private autobuild, so fingers crossed.
> > >
> > > OK, I can't see a code path that leaves dirpath == NULL
> > > and getting to fail:
> >
> > line 387?
> >
> > As I can reproduce the issue I could check which code path actually
> > triggers this, in case you think adding the NULL check is just paving
> > over the problem not fixing it. :)
>
> Oh, now I see it. It's my fault :-).
>
> The fix I added to detect a 'raw' stream
> name means we can 'goto done;' without
> allocating dirpath.
>
> 374 if (smb_fname->base_name[0] == '\0') {
> 375 /*
> 376 * orig_name was just a stream name.
> 377 * This is a stream on the root of
> 378 * the share. Replace base_name with
> 379 * a "."
> 380 */
> 381 smb_fname->base_name =
> 382 talloc_strdup(smb_fname, ".");
> 383 if (smb_fname->base_name == NULL) {
> 384 status = NT_STATUS_NO_MEMORY;
> 385 goto err;
> 386 }
> 387 if (SMB_VFS_STAT(conn, smb_fname) != 0) {
> 388 status = map_nt_error_from_unix(errno);
> 389 goto err;
> 390 }
> 391 DEBUG(5, ("conversion finished %s -> %s\n",
> 392 orig_path,
> 393 smb_fname->base_name));
> 394 goto done;
> 395 }
>
> calls 'goto done;' before dirpath alloc. Sorry.
oh, so we have two bugs. :) Because "my" crash happens after fail
(dereferncing dirpath which is NULL at line 1016), not done.
-slow
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de
More information about the samba-technical
mailing list