some valgrind patches

Noel Power nopower at suse.com
Thu Apr 21 12:57:53 UTC 2016


Hi,
Here are some patches to fix some issues discovered by running
smbtorture itself under valgrind.

Noel
-------------- next part --------------
From 1262e28f227554281fe88f8e404948e5474cac8a Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 16:22:02 +0100
Subject: [PATCH 01/33] s4:libnet: fix 'Syscall param writev(vector[...])'
 valgrind  error

running smbtorture rpc.dfs.netdfs.StdRoot yields the following valgrind trace

==18861== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18861==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18861==    by 0x106CB033: writev_handler (async_sock.c:340)
==18861==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18861==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18861==    by 0xBC6D0D2: dcerpc_srvsvc_NetShareDel_r (ndr_srvsvc_c.c:4272)
==18861==    by 0x9786C0C: libnet_DelShare (libnet_share.c:195)
==18861==    by 0x2E0174: test_NetShareDel (dfs.c:103)
==18861==    by 0x2E126F: test_cleanup_stdroot (dfs.c:488)
==18861==  Address 0x18869b46 is 598 bytes inside a block of size 1,325 alloc'd
==18861==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18861==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18861==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18861==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18861==    by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18861==    by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18861==    by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18861==    by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18861==    by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18861==    by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/libnet/libnet_share.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/libnet/libnet_share.c b/source4/libnet/libnet_share.c
index 7c9121b..d8e8240 100644
--- a/source4/libnet/libnet_share.c
+++ b/source4/libnet/libnet_share.c
@@ -175,6 +175,7 @@ NTSTATUS libnet_DelShare(struct libnet_context *ctx,
 	struct srvsvc_NetShareDel s;
 
 	ZERO_STRUCT(c);
+	ZERO_STRUCT(s);
 
 	c.level               = LIBNET_RPC_CONNECT_SERVER;
 	c.in.name             = r->in.server_name;
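Review bot: the commit message does not say which member of `s` went out uninitialised, so from this hunk it is hard to tell whether zero is the right value for it or just a quiet one. Patch 04 in this series names the variable (`action_taken`); doing the same here would help. If a specific `s.in` member was never assigned, setting it explicitly next to the other assignments documents the intent better than relying on `ZERO_STRUCT(s)`.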
-- 
2.1.4


From 277106aa877ba6765f44f51cefa925ff7c9c2501 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 16:30:52 +0100
Subject: [PATCH 02/33] s4:torture:rpc: fix valgrind Syscall param
 writev(vector[...]) error

running smbtorture rpc.srvsvc.srvsvc\ (admin\ access).NetDiskEnum results
in the following valgrind trace

==30237== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30237==    at 0xDD01C67: writev (in /lib64/libc-2.19.so)
==30237==    by 0xE1D09D4: writev_handler (async_sock.c:340)
==30237==    by 0xD81A12A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xD8185F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xD8147FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xD815ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0x5AC726D: tevent_req_poll_ntstatus (in /usr/lib64/libtevent-util.so.0.0.1)
==30237==    by 0x8120CEA: dcerpc_binding_handle_call (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==30237==    by 0xA9AC6EC: dcerpc_srvsvc_NetDiskEnum_r (ndr_srvsvc_c.c:5388)
==30237==    by 0x2ADDF8: ??? (in /usr/bin/smbtorture)
==30237==    by 0x898DF8C: ??? (in /usr/lib64/libtorture.so.0.0.1)
==30237==    by 0x1F0816: ??? (in /usr/bin/smbtorture)
==30237==  Address 0x15952676 is 598 bytes inside a block of size 1,325 alloc'd
==30237==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30237==    by 0xCCCAA73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30237==    by 0xD81566D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xA2B7910: smb1cli_req_create (smbXcli_base.c:1322)
==30237==    by 0xA2BA4E3: smb1cli_trans_send (smb1cli_trans.c:512)
==30237==    by 0xA2C1F91: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==30237==    by 0xA2C23AE: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==30237==    by 0xAC8E43C: tstream_writev_send (tsocket.c:695)
==30237==    by 0xAC8E9BA: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==30237==    by 0xD815023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/rpc/srvsvc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/torture/rpc/srvsvc.c b/source4/torture/rpc/srvsvc.c
index 21b67fd..5058dcd 100644
--- a/source4/torture/rpc/srvsvc.c
+++ b/source4/torture/rpc/srvsvc.c
@@ -970,6 +970,7 @@ static bool test_NetDiskEnum(struct torture_context *tctx,
 	struct dcerpc_binding_handle *b = p->binding_handle;
 
 	ZERO_STRUCT(info);
+	ZERO_STRUCT(r);
 
 	r.in.server_unc = NULL;
 	r.in.resume_handle = &resume_handle;
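Review bot: `ZERO_STRUCT(r)` silences the report, but the hunk still does not show which `r.in` member the test forgot to set; `server_unc` and `resume_handle` are assigned right below it. In a torture test a request field that is silently zero changes what is being tested, so please assign the missing input explicitly, or state in the message which member was affected.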
-- 
2.1.4


From 79ed88c7575f60a83c8222c300bb405bd7cf52fe Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 16:15:54 +0100
Subject: [PATCH 03/33] s4:torture:rpc: fix valgrind 'Syscall param
 writev(vector[...])' error

running smbtorture test rpc.samba3.winreg.winreg yields the following
valgrind trace

==18533== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18533==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18533==    by 0x106CB033: writev_handler (async_sock.c:340)
==18533==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18533==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18533==    by 0xBBD049F: dcerpc_winreg_EnumValue_r (ndr_winreg_c.c:2354)
==18533==    by 0x3D3E3E: enumvalues (samba3rpc.c:2982)
==18533==    by 0x3D40A5: enumkeys (samba3rpc.c:3042)
==18533==    by 0x3D4085: enumkeys (samba3rpc.c:3041)
==18533==  Address 0x1886edd6 is 598 bytes inside a block of size 1,325 alloc'd
==18533==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18533==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18533==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18533==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18533==    by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18533==    by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18533==    by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18533==    by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18533==    by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18533==    by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/rpc/samba3rpc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 9e521cd..a578e8c 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -2960,6 +2960,7 @@ static bool enumvalues(struct torture_context *tctx,
 		NTSTATUS status;
 		uint32_t size, length;
 
+		ZERO_STRUCT(buf8);
 		r.in.handle = handle;
 		r.in.enum_index = enum_index;
 		name.name = "";
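Review bot: missing documentation on why `buf8` matters here: its declaration and its use are both outside the hunk, and the message gives only the trace. The indentation puts this `ZERO_STRUCT(buf8)` inside a nested block directly against the first assignment; a blank line after it would match how patches 01 and 02 place theirs, and a short comment saying where `buf8` ends up in the request would make the fix reviewable from the diff alone.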
-- 
2.1.4


From f92cb9ce89ac3b5dffa0f165c44499d61b60e880 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 15:59:08 +0100
Subject: [PATCH 04/33] s4:torture:rpc: fix valgrind 'Syscall param
 writev(vector[...])' valgrind error

when running smbtorture rpc.samba3.regconfig.regconfig

Note: to fix this particular error only the action_taken variable needed
to be initialised. ZERO-ing the structs for completeness.

==14958== Syscall param writev(vector[...]) points to uninitialised byte(s)
==14958==    at 0xFB9FC87: writev (in /lib64/libc-2.19.so)
==14958==    by 0x106C8003: writev_handler (async_sock.c:340)
==14958==    by 0xF67407E: epoll_event_loop (tevent_epoll.c:728)
==14958==    by 0xF67469C: epoll_event_loop_once (tevent_epoll.c:926)
==14958==    by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958==    by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958==    by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958==    by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958==    by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958==    by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958==    by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958==    by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)
==14958==    by 0x9553F42: wrap_simple_test (torture.c:632)
==14958==    by 0x955366F: internal_torture_run_test (torture.c:442)
==14958==    by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14958==    by 0x260074: run_matching (smbtorture.c:110)
==14958==    by 0x25FF36: run_matching (smbtorture.c:95)
==14958==    by 0x25FF36: run_matching (smbtorture.c:95)
==14958==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14958==    by 0x261E14: main (smbtorture.c:665)
==14958==  Address 0x18868ec6 is 598 bytes inside a block of size 1,325 alloc'd
==14958==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14958==    by 0xF45EE38: __talloc_with_prefix (talloc.c:668)
==14958==    by 0xF45EFF5: _talloc_pool (talloc.c:721)
==14958==    by 0xF45F167: _talloc_pooled_object (talloc.c:790)
==14958==    by 0xF66C664: _tevent_req_create (tevent_req.c:66)
==14958==    by 0xB0D49CF: smb1cli_req_create (smbXcli_base.c:1322)
==14958==    by 0xB0E1E3D: smb1cli_trans_send (smb1cli_trans.c:512)
==14958==    by 0xB0ED44D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==14958==    by 0xB0EC817: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==14958==    by 0xB0EC4A7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==14958==    by 0xC259DDA: tstream_writev_send (tsocket.c:695)
==14958==    by 0xC25AD44: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==14958==    by 0xF66BF73: tevent_queue_immediate_trigger (tevent_queue.c:149)
==14958==    by 0xF66BBFB: tevent_common_loop_immediate (tevent_immediate.c:135)
==14958==    by 0xF674602: epoll_event_loop_once (tevent_epoll.c:907)
==14958==    by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958==    by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958==    by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958==    by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958==    by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958==    by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958==    by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958==    by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/rpc/samba3rpc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index a578e8c..9da6b54 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -3165,7 +3165,12 @@ static bool torture_samba3_createshare(struct torture_context *tctx,
 	struct policy_handle new_handle;
 	struct winreg_CreateKey c;
 	struct winreg_CloseKey cl;
-	enum winreg_CreateAction action_taken;
+	enum winreg_CreateAction action_taken = REG_ACTION_NONE;
+
+	ZERO_STRUCT(c);
+	ZERO_STRUCT(cl);
+	ZERO_STRUCT(hklm);
+	ZERO_STRUCT(new_handle);
 
 	c.in.handle = &hklm;
 	c.in.name.name = talloc_asprintf(
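Review bot: the message says only `action_taken` needed initialising, so the four `ZERO_STRUCT` calls are unrelated to the trace and would be better as a separate commit or dropped. Blanket zeroing of `c`, `cl`, `hklm` and `new_handle` also means memcheck can no longer flag a request member or handle that the test genuinely forgets to fill in later.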
-- 
2.1.4


From f925a2746e31b894835edd9dc2cb67443ba276cf Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 12:42:06 +0100
Subject: [PATCH 05/33] librpc:rpc: fix 'Invalid read of size 8' valgrind error

running rpc.dsgetinfo.DsGetReplicaInfo results in the following valgrind
trace

==14966== Invalid read of size 8
==14966==    at 0x88B2D5D: dcerpc_binding_handle_call (binding_handle.c:538)
==14966==    by 0x978F33B: dcerpc_drsuapi_DsUnbind_r (ndr_drsuapi_c.c:319)
==14966==    by 0x2E9F19: torture_dsgetinfo_tcase_teardown (dsgetinfo.c:431)
==14966==    by 0x95536EF: internal_torture_run_test (torture.c:452)
==14966==    by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14966==    by 0x260074: run_matching (smbtorture.c:110)
==14966==    by 0x25FF36: run_matching (smbtorture.c:95)
==14966==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14966==    by 0x261E14: main (smbtorture.c:665)
==14966==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
==14966==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 librpc/rpc/binding_handle.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c
index f5e043d..4111d45 100644
--- a/librpc/rpc/binding_handle.c
+++ b/librpc/rpc/binding_handle.c
@@ -526,7 +526,9 @@ NTSTATUS dcerpc_binding_handle_call(struct dcerpc_binding_handle *h,
 	/*
 	 * TODO: allow only one sync call
 	 */
-
+	if (h == NULL) {
+		goto fail;
+	}
 	if (h->sync_ev) {
 		ev = h->sync_ev;
 	} else {
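Review bot: `goto fail` on `h == NULL` should set an explicit error status first; the hunk does not show which status `fail` returns when it is reached this early. The trace shows the NULL handle arriving from `torture_dsgetinfo_tcase_teardown`, so the teardown should also skip the unbind call when it has no handle rather than relying on the library to absorb it. Please keep the blank line after the TODO comment so the new check is not read as part of it.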
-- 
2.1.4


From cb0e6d685ed6a0ad859cc19d78829cf7adfd0ff1 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 12:51:32 +0100
Subject: [PATCH 06/33] s4:lib:registry: fix 'Conditional jump or move'
 valgrind error.

smbtorture local.registry.diff.dotreg.test_diff_apply produces the following
valgrind trace

==18367== Conditional jump or move depends on uninitialised value(s)
==18367==    at 0xA02ED96: reg_dotreg_diff_load (patchfile_dotreg.c:252)
==18367==    by 0xA031C6C: reg_diff_load (patchfile.c:375)
==18367==    by 0xA0323AB: reg_diff_apply (patchfile.c:542)
==18367==    by 0x15F116: test_diff_apply (diff.c:72)
==18367==    by 0x955460C: wrap_test_with_simple_test (torture.c:731)
==18367==    by 0x955366F: internal_torture_run_test (torture.c:442)
==18367==    by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==18367==    by 0x260074: run_matching (smbtorture.c:110)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==18367==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/lib/registry/patchfile_dotreg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/lib/registry/patchfile_dotreg.c b/source4/lib/registry/patchfile_dotreg.c
index f537b97..49f71f9 100644
--- a/source4/lib/registry/patchfile_dotreg.c
+++ b/source4/lib/registry/patchfile_dotreg.c
@@ -249,7 +249,7 @@ _PUBLIC_ WERROR reg_dotreg_diff_load(int fd,
 
 	while ((line = afdgets(fd, mem_ctx, 0))) {
 		/* Remove '\r' if it's a Windows text file */
-		if (line[strlen(line)-1] == '\r') {
+		if (strlen(line) && line[strlen(line)-1] == '\r') {
 			line[strlen(line)-1] = '\0';
 		}
 
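Review bot: `strlen(line)` is now evaluated up to three times per line across this condition and its body; take it once into a `size_t len` and test `len > 0 && line[len-1] == '\r'`. The guard itself is right: for an empty line the old condition indexed one byte before the start of the buffer.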
-- 
2.1.4


From 882d72b125bfba899f79b0ab4384793c122d689b Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 11:50:08 +0100
Subject: [PATCH 07/33] s4:torture:basic fix 'Syscall param
 writev(vector[...])' valgrind error

smbtorture 'base.aliases.QPATHINFO aliases.QPATHINFO aliases' results in
the following valgrind trace

==22469== Syscall param writev(vector[...]) points to uninitialised byte(s)
==22469==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==22469==    by 0x106CB033: writev_handler (async_sock.c:340)
==22469==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22469==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22469==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==22469==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==22469==    by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==22469==    by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==22469==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22469==    by 0x423431: qpathinfo_aliases (aliases.c:171)
==22469==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22469==    by 0x955368F: internal_torture_run_test (torture.c:442)
==22469==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22469==    by 0x2600A4: run_matching (smbtorture.c:110)
==22469==    by 0x25FF66: run_matching (smbtorture.c:95)
==22469==    by 0x25FF66: run_matching (smbtorture.c:95)
==22469==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22469==    by 0x261E44: main (smbtorture.c:665)
==22469==  Address 0x187dfb86 is 598 bytes inside a block of size 1,325 alloc'd
==22469==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22469==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==22469==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==22469==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==22469==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==22469==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==22469==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==22469==    by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==22469==    by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==22469==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22469==    by 0x423431: qpathinfo_aliases (aliases.c:171)
==22469==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22469==    by 0x955368F: internal_torture_run_test (torture.c:442)
==22469==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22469==    by 0x2600A4: run_matching (smbtorture.c:110)
==22469==    by 0x25FF66: run_matching (smbtorture.c:95)
==22469==    by 0x25FF66: run_matching (smbtorture.c:95)
==22469==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22469==    by 0x261E44: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/basic/aliases.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index acd33a4..40a22a7 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -150,6 +150,7 @@ static bool qpathinfo_aliases(struct torture_context *tctx, struct smbcli_state
 	const char *fname = "\\qpathinfo_aliases.txt";
 	int fnum;
 
+	ZERO_STRUCT(t2);
 	t2.in.max_param = 2;
 	t2.in.max_data = UINT16_MAX;
 	t2.in.max_setup = 0;
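Review bot: the message should explain how `t2` reaches the wire. The trace enters through `smbcli_write` at aliases.c:171, not through a trans2 call, and the allocation stack is the write request's own buffer, so from these lines it is not evident which bytes of `t2` are being sent. Rerunning with `--track-origins=yes` and quoting the origin in the message would settle it. The placement is fine: the zero has to precede the `t2.in` assignments, and it makes the later `ZERO_STRUCT(t2.out)` redundant.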
@@ -159,7 +160,6 @@ static bool qpathinfo_aliases(struct torture_context *tctx, struct smbcli_state
 	t2.in.setup = &setup;
 	t2.in.params = data_blob_talloc_zero(tctx, 6);
 	t2.in.data = data_blob(NULL, 0);
-	ZERO_STRUCT(t2.out);
 
 	smbcli_unlink(cli->tree, fname);
 	fnum = create_complex_file(cli, cli, fname);
-- 
2.1.4


From 3740dd76bf1aea034854289d97077bc8a82e5ff9 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 11:57:58 +0100
Subject: [PATCH 08/33] s4:torture:basic: fix valgrind 'Syscall param
 writev(vector[...])' error

running smbtorture test base.aliases.FINDFIRST aliases.FINDFIRST aliases
results in the following valgrind trace

==22639== Syscall param writev(vector[...]) points to uninitialised byte(s)
==22639==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==22639==    by 0x106CB033: writev_handler (async_sock.c:340)
==22639==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22639==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22639==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==22639==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==22639==    by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==22639==    by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==22639==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22639==    by 0x423672: findfirst_aliases (aliases.c:213)
==22639==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22639==    by 0x955368F: internal_torture_run_test (torture.c:442)
==22639==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22639==    by 0x2600A4: run_matching (smbtorture.c:110)
==22639==    by 0x25FF66: run_matching (smbtorture.c:95)
==22639==    by 0x25FF66: run_matching (smbtorture.c:95)
==22639==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22639==    by 0x261E44: main (smbtorture.c:665)
==22639==  Address 0x187dfd26 is 598 bytes inside a block of size 1,325 alloc'd
==22639==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22639==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==22639==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==22639==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==22639==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==22639==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==22639==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==22639==    by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==22639==    by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==22639==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22639==    by 0x423672: findfirst_aliases (aliases.c:213)
==22639==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22639==    by 0x955368F: internal_torture_run_test (torture.c:442)
==22639==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22639==    by 0x2600A4: run_matching (smbtorture.c:110)
==22639==    by 0x25FF66: run_matching (smbtorture.c:95)
==22639==    by 0x25FF66: run_matching (smbtorture.c:95)
==22639==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22639==    by 0x261E44: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/basic/aliases.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index 40a22a7..3e829ac 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -192,6 +192,7 @@ static bool findfirst_aliases(struct torture_context *tctx, struct smbcli_state
 	const char *fname = "\\findfirst_aliases.txt";
 	int fnum;
 
+	ZERO_STRUCT(t2);
 	t2.in.max_param = 16;
 	t2.in.max_data = UINT16_MAX;
 	t2.in.max_setup = 0;
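Review bot: this is the same edit as patches 07, 09 and 10, applied to four `*_aliases` functions in the same file; one commit covering all four would be easier to review. A sentence in the message saying that `ZERO_STRUCT(t2.out)` is replaced by zeroing the whole struct up front would also make the "1 insertion(+), 1 deletion(-)" diffstat self-explanatory.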
@@ -201,7 +202,6 @@ static bool findfirst_aliases(struct torture_context *tctx, struct smbcli_state
 	t2.in.setup = &setup;
 	t2.in.params = data_blob_talloc_zero(tctx, 12);
 	t2.in.data = data_blob(NULL, 0);
-	ZERO_STRUCT(t2.out);
 
 	smbcli_unlink(cli->tree, fname);
 	fnum = create_complex_file(cli, cli, fname);
-- 
2.1.4


From 684cfee3078b6e2118e247419de5181fa53945d3 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 12:20:35 +0100
Subject: [PATCH 09/33] s4:torture:basic: fix  valgrind 'Syscall param
 writev(vector[...])' error

smbtorture test  base.aliases.setfileinfo_aliases.setfileinfo_aliases
results in the following valgrind trace

==22757== Syscall param writev(vector[...]) points to uninitialised byte(s)
==22757==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==22757==    by 0x106CB033: writev_handler (async_sock.c:340)
==22757==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22757==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22757==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==22757==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==22757==    by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==22757==    by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==22757==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22757==    by 0x423C91: setfileinfo_aliases (aliases.c:327)
==22757==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22757==    by 0x955368F: internal_torture_run_test (torture.c:442)
==22757==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22757==    by 0x2600A4: run_matching (smbtorture.c:110)
==22757==    by 0x25FF66: run_matching (smbtorture.c:95)
==22757==    by 0x25FF66: run_matching (smbtorture.c:95)
==22757==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22757==    by 0x261E44: main (smbtorture.c:665)
==22757==  Address 0x187dfee6 is 598 bytes inside a block of size 1,325 alloc'd
==22757==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22757==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==22757==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==22757==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==22757==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==22757==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==22757==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==22757==    by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==22757==    by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==22757==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22757==    by 0x423C91: setfileinfo_aliases (aliases.c:327)
==22757==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22757==    by 0x955368F: internal_torture_run_test (torture.c:442)
==22757==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22757==    by 0x2600A4: run_matching (smbtorture.c:110)
==22757==    by 0x25FF66: run_matching (smbtorture.c:95)
==22757==    by 0x25FF66: run_matching (smbtorture.c:95)
==22757==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22757==    by 0x261E44: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/basic/aliases.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index 3e829ac..3528b2f 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -306,6 +306,7 @@ static bool setfileinfo_aliases(struct torture_context *tctx, struct smbcli_stat
 	const char *fname = "\\setfileinfo_aliases.txt";
 	int fnum;
 
+	ZERO_STRUCT(t2);
 	t2.in.max_param = 2;
 	t2.in.max_data = 0;
 	t2.in.max_setup = 0;
@@ -315,7 +316,6 @@ static bool setfileinfo_aliases(struct torture_context *tctx, struct smbcli_stat
 	t2.in.setup = &setup;
 	t2.in.params = data_blob_talloc_zero(tctx, 6);
 	t2.in.data = data_blob(NULL, 0);
-	ZERO_STRUCT(t2.out);
 
 	smbcli_unlink(cli->tree, fname);
 	fnum = create_complex_file(cli, cli, fname);
-- 
2.1.4


From 31cff4af255d33a2727d2c089ded29bdaf3fd173 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 12:37:03 +0100
Subject: [PATCH 10/33] s4:torture:basic: fix valgrind 'Syscall param
 writev(vector[...])' error.

smbtorture test base.aliases.setpathinfo_aliases.setpathinfo_aliases
results in the following valgrind trace

==23067== Syscall param writev(vector[...]) points to uninitialised byte(s)
==23067==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==23067==    by 0x106CB033: writev_handler (async_sock.c:340)
==23067==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==23067==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==23067==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==23067==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==23067==    by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==23067==    by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==23067==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==23067==    by 0x423EB4: setpathinfo_aliases (aliases.c:367)
==23067==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23067==    by 0x955368F: internal_torture_run_test (torture.c:442)
==23067==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23067==    by 0x2600A4: run_matching (smbtorture.c:110)
==23067==    by 0x25FF66: run_matching (smbtorture.c:95)
==23067==    by 0x25FF66: run_matching (smbtorture.c:95)
==23067==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23067==    by 0x261E44: main (smbtorture.c:665)
==23067==  Address 0x187e0096 is 598 bytes inside a block of size 1,325 alloc'd
==23067==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23067==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==23067==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==23067==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==23067==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==23067==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==23067==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==23067==    by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==23067==    by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==23067==    by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==23067==    by 0x423EB4: setpathinfo_aliases (aliases.c:367)
==23067==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23067==    by 0x955368F: internal_torture_run_test (torture.c:442)
==23067==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23067==    by 0x2600A4: run_matching (smbtorture.c:110)
==23067==    by 0x25FF66: run_matching (smbtorture.c:95)
==23067==    by 0x25FF66: run_matching (smbtorture.c:95)
==23067==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23067==    by 0x261E44: main (smbtorture.c:665)
==23067==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/basic/aliases.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index 3528b2f..ee3ea50 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -345,6 +345,7 @@ static bool setpathinfo_aliases(struct torture_context *tctx,
 	const char *fname = "\\setpathinfo_aliases.txt";
 	int fnum;
 
+	ZERO_STRUCT(t2);
 	t2.in.max_param = 32;
 	t2.in.max_data = UINT16_MAX;
 	t2.in.max_setup = 0;
@@ -354,7 +355,6 @@ static bool setpathinfo_aliases(struct torture_context *tctx,
 	t2.in.setup = &setup;
 	t2.in.params = data_blob_talloc_zero(tctx, 4);
 	t2.in.data = data_blob(NULL, 0);
-	ZERO_STRUCT(t2.out);
 
 	smbcli_unlink(cli->tree, fname);
 
-- 
2.1.4


From b444c93d017f16b64dc2ea93340059e562014cdb Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 13:02:59 +0100
Subject: [PATCH 11/33] s4:libcli: fix 'Conditional jump or move' valgrind
 error

smbtorture test base.tcondev.tcondev causes the following valgrind trace

==23282== Conditional jump or move depends on uninitialised value(s)
==23282==    at 0x9BE5632: smbcli_tconX (cliconnect.c:148)
==23282==    by 0x41021C: tcon_devtest (base.c:91)
==23282==    by 0x411A01: run_tcon_devtype_test (base.c:522)
==23282==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23282==    by 0x955368F: internal_torture_run_test (torture.c:442)
==23282==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23282==    by 0x2600A4: run_matching (smbtorture.c:110)
==23282==    by 0x25FF66: run_matching (smbtorture.c:95)
==23282==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23282==    by 0x261E44: main (smbtorture.c:665)
==23282==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/libcli/cliconnect.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c
index 35d963e..58118b0 100644
--- a/source4/libcli/cliconnect.c
+++ b/source4/libcli/cliconnect.c
@@ -142,13 +142,16 @@ NTSTATUS smbcli_tconX(struct smbcli_state *cli, const char *sharename,
 	tcon.tconx.in.device = devtype;
 	
 	status = smb_raw_tcon(cli->tree, mem_ctx, &tcon);
-
+	if (!NT_STATUS_IS_OK(status)) {
+		goto out;
+	}
 	cli->tree->tid = tcon.tconx.out.tid;
 
 	if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
 		smb1cli_session_protect_session_key(cli->tree->session->smbXcli);
 	}
 
+out:
 	talloc_free(mem_ctx);
 
 	return status;
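Review bot: The new 'if (!NT_STATUS_IS_OK(status))' check after
smb_raw_tcon() fixes more than a valgrind warning, and the commit message
should say so: before it, a failed tree connect still copied
tcon.tconx.out.tid into cli->tree->tid and tested tcon.tconx.out.options,
so unset output fields could overwrite the tree id and decide whether
smb1cli_session_protect_session_key() ran. The hunk also drops the blank
line after the smb_raw_tcon() call; keep one between the closing brace of
the check and 'cli->tree->tid = tcon.tconx.out.tid;'.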
-- 
2.1.4


From 8e363c12d80905857b699727b4700f8d43886a6a Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 14:30:44 +0100
Subject: [PATCH 12/33] s4:torture:basic: fix 'Syscall param
 writev(vector[...])' valgrind error

smbtorture test base.winattr.winattr yields the following trace

==25514== Syscall param writev(vector[...]) points to uninitialised byte(s)
==25514==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==25514==    by 0x106CB033: writev_handler (async_sock.c:340)
==25514==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==25514==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==25514==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==25514==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==25514==    by 0x5AEEC7E: smb_raw_nttrans_recv (rawtrans.c:408)
==25514==    by 0x5AF6543: smb_raw_query_secdesc_recv (rawacl.c:67)
==25514==    by 0x5AF580F: smb_raw_fileinfo_recv (rawfileinfo.c:699)
==25514==    by 0x5AF58BE: smb_raw_fileinfo (rawfileinfo.c:721)
==25514==    by 0x454AC3: torture_winattrtest (attr.c:217)
==25514==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==25514==    by 0x955368F: internal_torture_run_test (torture.c:442)
==25514==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==25514==    by 0x2600A4: run_matching (smbtorture.c:110)
==25514==    by 0x25FF66: run_matching (smbtorture.c:95)
==25514==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==25514==    by 0x261E44: main (smbtorture.c:665)
==25514==  Address 0x187d69c6 is 598 bytes inside a block of size 1,325 alloc'd
==25514==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25514==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==25514==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==25514==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==25514==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==25514==    by 0x5AEE9B2: smb_raw_nttrans_send (rawtrans.c:310)
==25514==    by 0x5AF64F0: smb_raw_query_secdesc_send (rawacl.c:51)
==25514==    by 0x5AF56E5: smb_raw_fileinfo_send (rawfileinfo.c:658)
==25514==    by 0x5AF58A3: smb_raw_fileinfo (rawfileinfo.c:720)
==25514==    by 0x454AC3: torture_winattrtest (attr.c:217)
==25514==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==25514==    by 0x955368F: internal_torture_run_test (torture.c:442)
==25514==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==25514==    by 0x2600A4: run_matching (smbtorture.c:110)
==25514==    by 0x25FF66: run_matching (smbtorture.c:95)
==25514==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==25514==    by 0x261E44: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/basic/attr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/torture/basic/attr.c b/source4/torture/basic/attr.c
index 8d51fa3..9eb9ec8 100644
--- a/source4/torture/basic/attr.c
+++ b/source4/torture/basic/attr.c
@@ -198,7 +198,8 @@ bool torture_winattrtest(struct torture_context *tctx,
 	union smb_fileinfo query, query_org;
 	NTSTATUS status;
 	struct security_descriptor *sd1, *sd2;
-
+	ZERO_STRUCT(query);
+	ZERO_STRUCT(query_org);
 
 	/* Test winattrs for file */
 	smbcli_unlink(cli1->tree, fname);
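Review bot: The two ZERO_STRUCT() calls replace the blank line that
separated the declarations from the code, so statements now run straight on
from 'struct security_descriptor *sd1, *sd2;'; keep the blank line and add
the calls after it. The trace shows a single smb_raw_fileinfo() call at
attr.c:217, so the message should say whether both query and query_org were
sent uninitialised or whether query_org is zeroed only as a precaution.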
-- 
2.1.4


From f24cc0b6cdd1f25160259e7a24e8e95d41467d3b Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 15:52:12 +0100
Subject: [PATCH 13/33] s4:torture:basic: fix 'Conditional jump or move '
 valgrind error

running smbtorture test base.bench-holdopen.bench-holdopen yields the
following valgrind trace.

==29953== Conditional jump or move depends on uninitialised value(s)
==29953==    at 0xF4634F0: _talloc_zero_array (in /usr/lib64/libtalloc.so.2.1.5)
==29953==    by 0x5AE257E: smbcli_request_setup_transport (rawrequest.c:101)
==29953==    by 0x5AE04AF: smb_raw_echo_send (clitransport.c:554)
==29953==    by 0x5AE0774: smb_raw_echo (clitransport.c:609)
==29953==    by 0x4183D3: torture_holdopen (misc.c:288)
==29953==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==29953==    by 0x955368F: internal_torture_run_test (torture.c:442)
==29953==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29953==    by 0x2600A4: run_matching (smbtorture.c:110)
==29953==    by 0x25FF66: run_matching (smbtorture.c:95)
==29953==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==29953==    by 0x261E44: main (smbtorture.c:665)
==29953==
==29953== Conditional jump or move depends on uninitialised value(s)
==29953==    at 0xF4630E3: _talloc_zero (in /usr/lib64/libtalloc.so.2.1.5)
==29953==    by 0x5AE257E: smbcli_request_setup_transport (rawrequest.c:101)
==29953==    by 0x5AE04AF: smb_raw_echo_send (clitransport.c:554)
==29953==    by 0x5AE0774: smb_raw_echo (clitransport.c:609)
==29953==    by 0x4183D3: torture_holdopen (misc.c:288)
==29953==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==29953==    by 0x955368F: internal_torture_run_test (torture.c:442)
==29953==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29953==    by 0x2600A4: run_matching (smbtorture.c:110)
==29953==    by 0x25FF66: run_matching (smbtorture.c:95)
==29953==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==29953==    by 0x261E44: main (smbtorture.c:665)
==29953==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/basic/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c
index 4e84e38..cbf1e9f 100644
--- a/source4/torture/basic/misc.c
+++ b/source4/torture/basic/misc.c
@@ -284,7 +284,7 @@ bool torture_holdopen(struct torture_context *tctx,
 
 	while (1) {
 		struct smb_echo ec;
-
+		ZERO_STRUCT(ec);
 		status = smb_raw_echo(cli->transport, &ec);
 		torture_comment(tctx, ".");
 		fflush(stdout);
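Review bot: ZERO_STRUCT(ec) inside the while (1) loop silences the warning
but leaves every input member of the echo request at zero on each
iteration, while the trace shows an uninitialised value reaching
_talloc_zero_array() via smb_raw_echo_send(). Set the members the test
intends to send explicitly rather than relying on the zero fill, and keep
the blank line after 'struct smb_echo ec;' that the call replaces.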
-- 
2.1.4


From 97ada955934f21e5daa086855906ed1401b2a2be Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 16:04:26 +0100
Subject: [PATCH 14/33] s4:torture:raw: fix 'Syscall param writev(vector[...])'
 valgrind error

running smbtorture test raw.open.chained-ntcreatex.chained-ntcreatex results
in the following valgrind trace

==30405== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30405==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==30405==    by 0x106CB033: writev_handler (async_sock.c:340)
==30405==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30405==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30405==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30405==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==30405==    by 0x5AE343E: smbcli_request_simple_recv (rawrequest.c:430)
==30405==    by 0x5ADC8BC: smb_raw_close (rawfile.c:847)
==30405==    by 0x9BE60B4: smbcli_close (clifile.c:316)
==30405==    by 0x1A66B4: test_chained_ntcreatex_readx (open.c:1735)
==30405==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30405==    by 0x955368F: internal_torture_run_test (torture.c:442)
==30405==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30405==    by 0x2600A4: run_matching (smbtorture.c:110)
==30405==    by 0x25FF66: run_matching (smbtorture.c:95)
==30405==    by 0x25FF66: run_matching (smbtorture.c:95)
==30405==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==30405==    by 0x261E44: main (smbtorture.c:665)
==30405==  Address 0x187e1196 is 598 bytes inside a block of size 1,325 alloc'd
==30405==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30405==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30405==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30405==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==30405==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==30405==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==30405==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==30405==    by 0x5ADC869: smb_raw_close_send (rawfile.c:832)
==30405==    by 0x5ADC8AC: smb_raw_close (rawfile.c:846)
==30405==    by 0x9BE60B4: smbcli_close (clifile.c:316)
==30405==    by 0x1A66B4: test_chained_ntcreatex_readx (open.c:1735)
==30405==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30405==    by 0x955368F: internal_torture_run_test (torture.c:442)
==30405==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30405==    by 0x2600A4: run_matching (smbtorture.c:110)
==30405==    by 0x25FF66: run_matching (smbtorture.c:95)
==30405==    by 0x25FF66: run_matching (smbtorture.c:95)
==30405==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==30405==    by 0x261E44: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/raw/open.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
index dc76b0b..2b8546c 100644
--- a/source4/torture/raw/open.c
+++ b/source4/torture/raw/open.c
@@ -1699,6 +1699,7 @@ static bool test_chained_ntcreatex_readx(struct torture_context *tctx, struct sm
 	bool ret = true;
 	const char buf[] = "test";
 	char buf2[4];
+	ZERO_STRUCT(io);
 
 	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
 
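Review bot: 'ZERO_STRUCT(io);' is appended to the declaration block with no
blank line before it, and the declaration of io lies outside the hunk
context; move the call below the blank line, next to the first use of io,
so the reader can see what is being zeroed. The commit message should also
say how io reaches the smbcli_close() request at open.c:1735 that the trace
flags.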
-- 
2.1.4


From 87e1cb482f09da0c082e801ac417abe5590c2f31 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 16:20:55 +0100
Subject: [PATCH 15/33] s4:torture:raw: fix 'Syscall param writev(vector[...])'
 valgrind error

running smbtorture test raw.open.openx-over-dir.openx-over-dir results in
the following valgrind trace

==30597== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30597==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==30597==    by 0x106CB033: writev_handler (async_sock.c:340)
==30597==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30597==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30597==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30597==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==30597==    by 0x5AE343E: smbcli_request_simple_recv (rawrequest.c:430)
==30597==    by 0x5ADC8BC: smb_raw_close (rawfile.c:847)
==30597==    by 0x9BE60B4: smbcli_close (clifile.c:316)
==30597==    by 0x1A57F0: test_openx_over_dir (open.c:1495)
==30597==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30597==    by 0x955368F: internal_torture_run_test (torture.c:442)
==30597==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30597==    by 0x2600BD: run_matching (smbtorture.c:110)
==30597==    by 0x25FF7F: run_matching (smbtorture.c:95)
==30597==    by 0x25FF7F: run_matching (smbtorture.c:95)
==30597==    by 0x2601DE: torture_run_named_tests (smbtorture.c:143)
==30597==    by 0x261E5D: main (smbtorture.c:665)
==30597==  Address 0x187e41d6 is 598 bytes inside a block of size 1,325 alloc'd
==30597==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30597==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30597==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30597==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==30597==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==30597==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==30597==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==30597==    by 0x5ADC869: smb_raw_close_send (rawfile.c:832)
==30597==    by 0x5ADC8AC: smb_raw_close (rawfile.c:846)
==30597==    by 0x9BE60B4: smbcli_close (clifile.c:316)
==30597==    by 0x1A57F0: test_openx_over_dir (open.c:1495)
==30597==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30597==    by 0x955368F: internal_torture_run_test (torture.c:442)
==30597==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30597==    by 0x2600BD: run_matching (smbtorture.c:110)
==30597==    by 0x25FF7F: run_matching (smbtorture.c:95)
==30597==    by 0x25FF7F: run_matching (smbtorture.c:95)
==30597==    by 0x2601DE: torture_run_named_tests (smbtorture.c:143)
==30597==    by 0x261E5D: main (smbtorture.c:665)
==30597==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/raw/open.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
index 2b8546c..2b4a699 100644
--- a/source4/torture/raw/open.c
+++ b/source4/torture/raw/open.c
@@ -1469,6 +1469,8 @@ static bool test_openx_over_dir(struct torture_context *tctx, struct smbcli_stat
 	int fnum = -1;
 	bool ret = true;
 
+	ZERO_STRUCT(io);
+
 	torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
 
 	/* Create the Directory */
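Review bot: The subject line is identical to 14/33 and 16/33, and the
'ZERO_STRUCT(io);' added at the top of test_openx_over_dir() is the same
fix 14/33 makes in the same file. Put the test function name in each
subject, or squash 14/33 and 15/33, so the commits can be told apart in a
one-line log.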
-- 
2.1.4


From a34e94b66335204c3d4c51a702995ffed4691157 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 16:34:06 +0100
Subject: [PATCH 16/33] s4:torture:raw: fix 'Syscall param writev(vector[...])'
 valgrind error

running smbtorture test raw.streams.createdisp.createdisp results in
the following valgrind trace

==30946== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30946==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==30946==    by 0x106CB033: writev_handler (async_sock.c:340)
==30946==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30946==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30946==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30946==    by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==30946==    by 0x5AE343E: smbcli_request_simple_recv (rawrequest.c:430)
==30946==    by 0x5ADC8BC: smb_raw_close (rawfile.c:847)
==30946==    by 0x9BE60B4: smbcli_close (clifile.c:316)
==30946==    by 0x209F0D: create_file_with_stream (streams.c:1502)
==30946==    by 0x20A072: test_stream_create_disposition (streams.c:1527)
==30946==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30946==    by 0x955368F: internal_torture_run_test (torture.c:442)
==30946==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30946==    by 0x2600D6: run_matching (smbtorture.c:110)
==30946==    by 0x25FF98: run_matching (smbtorture.c:95)
==30946==    by 0x25FF98: run_matching (smbtorture.c:95)
==30946==    by 0x2601F7: torture_run_named_tests (smbtorture.c:143)
==30946==    by 0x261E76: main (smbtorture.c:665)
==30946==  Address 0x187ebbc6 is 598 bytes inside a block of size 1,325 alloc'd
==30946==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30946==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30946==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30946==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==30946==    by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==30946==    by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==30946==    by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==30946==    by 0x5ADC869: smb_raw_close_send (rawfile.c:832)
==30946==    by 0x5ADC8AC: smb_raw_close (rawfile.c:846)
==30946==    by 0x9BE60B4: smbcli_close (clifile.c:316)
==30946==    by 0x209F0D: create_file_with_stream (streams.c:1502)
==30946==    by 0x20A072: test_stream_create_disposition (streams.c:1527)
==30946==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30946==    by 0x955368F: internal_torture_run_test (torture.c:442)
==30946==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30946==    by 0x2600D6: run_matching (smbtorture.c:110)
==30946==    by 0x25FF98: run_matching (smbtorture.c:95)
==30946==    by 0x25FF98: run_matching (smbtorture.c:95)
==30946==    by 0x2601F7: torture_run_named_tests (smbtorture.c:143)
==30946==    by 0x261E76: main (smbtorture.c:665

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/raw/streams.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/raw/streams.c b/source4/torture/raw/streams.c
index 103a2c3..8c60d6c 100644
--- a/source4/torture/raw/streams.c
+++ b/source4/torture/raw/streams.c
@@ -1473,6 +1473,8 @@ static bool create_file_with_stream(struct torture_context *tctx,
 	bool ret = true;
 	union smb_open io;
 
+	ZERO_STRUCT(io);
+
 	/* Create a file with a stream */
 	io.generic.level = RAW_OPEN_NTCREATEX;
 	io.ntcreatex.in.root_fid.fnum = 0;
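Review bot: The trace needs a sentence of explanation to tie it to
'ZERO_STRUCT(io);': like the traces in 12/33, 14/33 and 15/33 it reports the
byte 598 bytes inside the 1,325-byte block allocated under
smb1cli_req_create(), and the flagged request is the smbcli_close() at
streams.c:1502, not the open that io describes. Please confirm which unset
member of io reaches that request. With the zeroing in place the context
line 'io.ntcreatex.in.root_fid.fnum = 0;' becomes redundant, which is
harmless.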
-- 
2.1.4


From 77d0610e742f6f25f205b41ab9d4aa58f24f51e1 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 17:02:29 +0100
Subject: [PATCH 17/33] s4:torture:raw: fix 'use of uninitialised value of size
 8' valgrind errors

smbtorture test raw.acls.create_file.create_file produces the following
valgrind trace

==31783== Use of uninitialised value of size 8
==31783==    at 0xFB0B061: _itoa_word (in /lib64/libc-2.19.so)
==31783==    by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==31783==    by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==31783==    by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==31783==    by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==31783==    by 0x3E591A: ndr_print_security_ace (ndr_security.c:539)
==31783==    by 0x3E621A: ndr_print_security_acl (ndr_security.c:642)
==31783==    by 0x3E7A3F: ndr_print_security_descriptor (ndr_security.c:890)
==31783==    by 0xAEBB860: ndr_print_debug (ndr.c:409)
==31783==    by 0x20C91F: verify_sd (acls.c:89)
==31783==    by 0x20D8C3: test_nttrans_create_ext (acls.c:306)
==31783==    by 0x20E3A8: test_nttrans_create_file (acls.c:381)
==31783==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==31783==    by 0x955368F: internal_torture_run_test (torture.c:442)
==31783==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==31783==    by 0x260108: run_matching (smbtorture.c:110)
==31783==    by 0x25FFCA: run_matching (smbtorture.c:95)
==31783==    by 0x25FFCA: run_matching (smbtorture.c:95)
==31783==    by 0x260229: torture_run_named_tests (smbtorture.c:143)
==31783==    by 0x261EA8: main (smbtorture.c:665)
==31783==
==31783== Conditional jump or move depends on uninitialised value(s)
==31783==    at 0xFB0B068: _itoa_word (in /lib64/libc-2.19.so)
==31783==    by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==31783==    by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==31783==    by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==31783==    by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==31783==    by 0x3E591A: ndr_print_security_ace (ndr_security.c:539)
==31783==    by 0x3E621A: ndr_print_security_acl (ndr_security.c:642)
==31783==    by 0x3E7A3F: ndr_print_security_descriptor (ndr_security.c:890)
==31783==    by 0xAEBB860: ndr_print_debug (ndr.c:409)
==31783==    by 0x20C91F: verify_sd (acls.c:89)
==31783==    by 0x20D8C3: test_nttrans_create_ext (acls.c:306)
==31783==    by 0x20E3A8: test_nttrans_create_file (acls.c:381)
==31783==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==31783==    by 0x955368F: internal_torture_run_test (torture.c:442)
==31783==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==31783==    by 0x260108: run_matching (smbtorture.c:110)
==31783==    by 0x25FFCA: run_matching (smbtorture.c:95)
==31783==    by 0x25FFCA: run_matching (smbtorture.c:95)
==31783==    by 0x260229: torture_run_named_tests (smbtorture.c:143)
==31783==    by 0x261EA8: main (smbtorture.c:665)
==31783==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/raw/acls.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index 360d937..dfeb13d 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -238,6 +238,8 @@ static bool test_nttrans_create_ext(struct torture_context *tctx,
 	NTSTATUS (*delete_func)(struct smbcli_tree *, const char *) =
 	    test_dir ? smbcli_rmdir : smbcli_unlink;
 
+	ZERO_STRUCT(ace);
+
 	if (!torture_setup_dir(cli, BASEDIR))
 		return false;
 
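Review bot: 'ZERO_STRUCT(ace);' zeroes the whole ACE where the trace points
at a single member: the only uninitialised read is the uint16 printed by
ndr_print_security_ace() on the way from verify_sd(). Name that member in
the commit message and assign it where the test fills in ace, so the
descriptor being compared and printed carries an intended value.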
-- 
2.1.4


From b492c63f3394f61e23bd81dd02c12c378543ec7e Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 17:37:57 +0100
Subject: [PATCH 18/33] s4:torture:raw: fix 'Conditional jump or move' valgrind
 error.

smbtorture test raw.bench-tcon.bench-tcon produces the following valgrind
trace

==32163== Conditional jump or move depends on uninitialised value(s)
==32163==    at 0x1F9D61: rate_convert_secs (tconrate.c:149)
==32163==    by 0x1FA04C: torture_bench_treeconnect (tconrate.c:189)
==32163==    by 0x9553F62: wrap_simple_test (torture.c:632)
==32163==    by 0x955368F: internal_torture_run_test (torture.c:442)
==32163==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==32163==    by 0x260121: run_matching (smbtorture.c:110)
==32163==    by 0x25FFE3: run_matching (smbtorture.c:95)
==32163==    by 0x260242: torture_run_named_tests (smbtorture.c:143)
==32163==    by 0x261EC1: main (smbtorture.c:665)
==32163==
==32163== Use of uninitialised value of size 8
==32163==    at 0xFB0B0BB: _itoa_word (in /lib64/libc-2.19.so)
==32163==    by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==32163==    by 0xFB15598: printf (in /lib64/libc-2.19.so)
==32163==    by 0x1FA064: torture_bench_treeconnect (tconrate.c:188)
==32163==    by 0x9553F62: wrap_simple_test (torture.c:632)
==32163==    by 0x955368F: internal_torture_run_test (torture.c:442)
==32163==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==32163==    by 0x260121: run_matching (smbtorture.c:110)
==32163==    by 0x25FFE3: run_matching (smbtorture.c:95)
==32163==    by 0x260242: torture_run_named_tests (smbtorture.c:143)
==32163==    by 0x261EC1: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/raw/tconrate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c
index 6673f11..ae7d544 100644
--- a/source4/torture/raw/tconrate.c
+++ b/source4/torture/raw/tconrate.c
@@ -161,7 +161,7 @@ bool torture_bench_treeconnect(struct torture_context *tctx)
 	int nprocs = torture_setting_int(tctx, "nprocs", 4);
 
 	int *curr_counts = map_count_buffer(nprocs, sizeof(int));
-	int *last_counts = talloc_array(NULL, int, nprocs);
+	int *last_counts = talloc_zero_array(NULL, int, nprocs);
 
 	struct timeval now, last, start;
 	int i, delta;
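Review bot: The commit message only pastes the trace and should explain the
cause behind the switch to talloc_zero_array(): last_counts is read in
rate_convert_secs() (tconrate.c:149) and in the printf() at tconrate.c:188
before anything has been stored in it, so the first interval was computed
from heap garbage. If nothing below the hunk checks last_counts for NULL,
that is worth a follow-up.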
-- 
2.1.4


From fd63db1a0f55223579e86fd4a70b7782ef4b022b Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 18:42:57 +0100
Subject: [PATCH 19/33] s4:torture:raw: fix 'Invalid read of size 1 &
 Conditional jump or move' errors.

smbtorture test raw.offline.offline generates the following valgrind trace(s).

==5130==    at 0x2223AF: loadfile_callback (offline.c:107)
==5130==    by 0x5AF73E6: loadfile_handler (loadfile.c:208)
==5130==    by 0x5ADFEE0: smbcli_request_done (clitransport.c:395)
==5130==    by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0x223A16: torture_test_offline (offline.c:493)
==5130==    by 0x9553F62: wrap_simple_test (torture.c:632)
==5130==    by 0x955368F: internal_torture_run_test (torture.c:442)
==5130==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==5130==    by 0x260121: run_matching (smbtorture.c:110)
==5130==    by 0x25FFE3: run_matching (smbtorture.c:95)
==5130==    by 0x260242: torture_run_named_tests (smbtorture.c:143)
==5130==    by 0x261EC1: main (smbtorture.c:665)
==5130==  Address 0x188b80d0 is 96 bytes inside a block of size 8,288 free'd
==5130==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5130==    by 0xF4673A3: ??? (in /usr/lib64/libtalloc.so.2.1.5)
==5130==    by 0xF460E42: _talloc_free (in /usr/lib64/libtalloc.so.2.1.5)
==5130==    by 0x5AF7635: smb_composite_loadfile_recv (loadfile.c:278)
==5130==    by 0x2222F7: loadfile_callback (offline.c:91)
==5130==    by 0x5AF73E6: loadfile_handler (loadfile.c:208)
==5130==    by 0x5ADFEE0: smbcli_request_done (clitransport.c:395)
==5130==    by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==5130==    by 0x223A16: torture_test_offline (offline.c:493)
==5130==    by 0x9553F62: wrap_simple_test (torture.c:632)
==5130==    by 0x955368F: internal_torture_run_test (torture.c:442)
==5130==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==5130==    by 0x260121: run_matching (smbtorture.c:110)
==5130==    by 0x25FFE3: run_matching (smbtorture.c:95)
==5130==    by 0x260242: torture_run_named_tests (smbtorture.c:143)
==5130==    by 0x261EC1: main (smbtorture.c:665)
==5130==

AND

==5428== Conditional jump or move depends on uninitialised value(s)
==5428==    at 0x22270E: getoffline_callback (offline.c:197)
==5428==    by 0x5ADFEE0: smbcli_request_done (clitransport.c:395)
==5428==    by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26)
==5428==    by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5428==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5428==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==5428==    by 0x223A1B: torture_test_offline (offline.c:494)
==5428==    by 0x9553F62: wrap_simple_test (torture.c:632)
==5428==    by 0x955368F: internal_torture_run_test (torture.c:442)
==5428==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==5428==    by 0x260126: run_matching (smbtorture.c:110)
==5428==    by 0x25FFE8: run_matching (smbtorture.c:95)
==5428==    by 0x260247: torture_run_named_tests (smbtorture.c:143)
==5428==    by 0x261EC6: main (smbtorture.c:665)
==5428==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/raw/offline.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/torture/raw/offline.c b/source4/torture/raw/offline.c
index 85b1235..9391b09 100644
--- a/source4/torture/raw/offline.c
+++ b/source4/torture/raw/offline.c
@@ -93,6 +93,7 @@ static void loadfile_callback(struct composite_context *ctx)
 		printf("Failed to read file '%s' - %s\n", 
 		       state->loadfile->in.fname, nt_errstr(status));
 		test_failed++;
+		return;
 	}
 
 	/* check the data is correct */
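Review bot: The new 'return;' in the failure branch of loadfile_callback()
skips everything below the data check, so confirm that no bookkeeping there
(state cleanup, scheduling the next operation) is still required when the
load fails; if some is, jump to it and do not return outright. The message
should also say that this is a read of memory already freed by
smb_composite_loadfile_recv() (loadfile.c:278 in the trace), which is more
serious than an uninitialised read, and the first trace has lost its
'Invalid read' header line.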
@@ -184,6 +185,8 @@ static void getoffline_callback(struct smbcli_request *req)
 	NTSTATUS status;
 	union smb_fileinfo io;
 
+	ZERO_STRUCT(io);
+
 	io.getattr.level = RAW_FILEINFO_GETATTR;
 	
 	status = smb_raw_pathinfo_recv(req, state->mem_ctx, &io);
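Review bot: 'ZERO_STRUCT(io);' before smb_raw_pathinfo_recv() makes the
test at offline.c:197 read zero where it used to read garbage, but if that
test runs without first checking status, the output members are still
meaningless after a failed receive. Handle the failure the way the first
hunk does for loadfile_callback(), by checking status and returning, and
keep the zeroing only if an input member really was unset.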
-- 
2.1.4


From d1d0e615aee4d9410187796d87dbd3e942e99cdf Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 19:12:27 +0100
Subject: [PATCH 20/33] s4:torture:smb2: fix Use of 'uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.create.aclfile.aclfile produces the following
valgrind trace

==6025== Use of uninitialised value of size 8
==6025==    at 0xFB0B061: _itoa_word (in /lib64/libc-2.19.so)
==6025==    by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==6025==    by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==6025==    by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==6025==    by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==6025==    by 0x3E5951: ndr_print_security_ace (ndr_security.c:539)
==6025==    by 0x3E6251: ndr_print_security_acl (ndr_security.c:642)
==6025==    by 0x3E7A76: ndr_print_security_descriptor (ndr_security.c:890)
==6025==    by 0xAEBB860: ndr_print_debug (ndr.c:409)
==6025==    by 0x45FCB6: smb2_util_verify_sd (util.c:598)
==6025==    by 0x502246: test_create_acl_ext (create.c:634)
==6025==    by 0x506E13: test_create_acl_file (create.c:1232)
==6025==    by 0x48B420: wrap_simple_1smb2_test (smb2.c:52)
==6025==    by 0x955368F: internal_torture_run_test (torture.c:442)
==6025==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6025==    by 0x26013F: run_matching (smbtorture.c:110)
==6025==    by 0x260001: run_matching (smbtorture.c:95)
==6025==    by 0x260001: run_matching (smbtorture.c:95)
==6025==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6025==    by 0x261EDF: main (smbtorture.c:665)
==6025==
==6025== Conditional jump or move depends on uninitialised value(s)
==6025==    at 0xFB0B068: _itoa_word (in /lib64/libc-2.19.so)
==6025==    by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==6025==    by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==6025==    by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==6025==    by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==6025==    by 0x3E5951: ndr_print_security_ace (ndr_security.c:539)
==6025==    by 0x3E6251: ndr_print_security_acl (ndr_security.c:642)
==6025==    by 0x3E7A76: ndr_print_security_descriptor (ndr_security.c:890)
==6025==    by 0xAEBB860: ndr_print_debug (ndr.c:409)
==6025==    by 0x45FCB6: smb2_util_verify_sd (util.c:598)
==6025==    by 0x502246: test_create_acl_ext (create.c:634)
==6025==    by 0x506E13: test_create_acl_file (create.c:1232)
==6025==    by 0x48B420: wrap_simple_1smb2_test (smb2.c:52)
==6025==    by 0x955368F: internal_torture_run_test (torture.c:442)
==6025==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6025==    by 0x26013F: run_matching (smbtorture.c:110)
==6025==    by 0x260001: run_matching (smbtorture.c:95)
==6025==    by 0x260001: run_matching (smbtorture.c:95)
==6025==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6025==    by 0x261EDF: main (smbtorture.c:665)
==6025==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/create.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 1275aa8..7e6be8d 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -578,6 +578,8 @@ static bool test_create_acl_ext(struct torture_context *tctx, struct smb2_tree *
 	NTSTATUS (*delete_func)(struct smb2_tree *, const char *) =
 	    test_dir ? smb2_util_rmdir : smb2_util_unlink;
 
+	ZERO_STRUCT(ace);
+
 	smb2_deltree(tree, FNAME);
 
 	ZERO_STRUCT(io);
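
Review bot: ZERO_STRUCT(ace) is placed above smb2_deltree(tree, FNAME) while the existing ZERO_STRUCT(io) sits below it; keeping the two together would put the function's initialisation in one place. The trace reaches the uninitialised read through ndr_print_uint16 called from ndr_print_security_ace, so a 16-bit member of ace is never assigned by the test. Please name that member in the commit message and check whether the test is meant to fill it in rather than leave it at zero.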
-- 
2.1.4


From 1fcde7868228ad710d5c9a139e754a898168cf9a Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 19:49:02 +0100
Subject: [PATCH 21/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.notify.mask.mask

==6451== Use of uninitialised value of size 8
==6451==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==6451==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==6451==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==6451==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==6451==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==6451==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==6451==    by 0x5B030F3: smb2_close_send (close.c:42)
==6451==    by 0x5B0358A: smb2_close (close.c:78)
==6451==    by 0x5B087B3: smb2_util_close (util.c:40)
==6451==    by 0x483E97: torture_smb2_notify_mask (notify.c:1061)
==6451==    by 0x48B783: wrap_simple_2smb2_test (smb2.c:112)
==6451==    by 0x955368F: internal_torture_run_test (torture.c:442)
==6451==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6451==    by 0x26013F: run_matching (smbtorture.c:110)
==6451==    by 0x260001: run_matching (smbtorture.c:95)
==6451==    by 0x260001: run_matching (smbtorture.c:95)
==6451==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6451==    by 0x261EDF: main (smbtorture.c:665)
==6451==
==6451== Use of uninitialised value of size 8
==6451==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==6451==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==6451==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==6451==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==6451==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==6451==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==6451==    by 0x5B030F3: smb2_close_send (close.c:42)
==6451==    by 0x5B0358A: smb2_close (close.c:78)
==6451==    by 0x5B087B3: smb2_util_close (util.c:40)
==6451==    by 0x483E97: torture_smb2_notify_mask (notify.c:1061)
==6451==    by 0x48B783: wrap_simple_2smb2_test (smb2.c:112)
==6451==    by 0x955368F: internal_torture_run_test (torture.c:442)
==6451==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6451==    by 0x26013F: run_matching (smbtorture.c:110)
==6451==    by 0x260001: run_matching (smbtorture.c:95)
==6451==    by 0x260001: run_matching (smbtorture.c:95)
==6451==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6451==    by 0x261EDF: main (smbtorture.c:665)
==6451==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/notify.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
index b804ebc..e045f25 100644
--- a/source4/torture/smb2/notify.c
+++ b/source4/torture/smb2/notify.c
@@ -866,6 +866,8 @@ static bool torture_smb2_notify_mask(struct torture_context *torture,
 	torture_comment(torture, "TESTING CHANGE NOTIFY COMPLETION FILTERS\n");
 
 
+	ZERO_STRUCT(h1);
+	ZERO_STRUCT(h2);
 	/*
 	  get a handle on the directory
 	*/
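
Review bot: zeroing h1 and h2 at the top quiets valgrind, but the trace comes from smb2_util_close at notify.c:1061, which suggests a close is being sent for a handle the test never opened on that path. With this change that close still goes out, now carrying an all-zero handle. Please say which handle it is and consider opening it or dropping the close, so the test flow is fixed rather than only the report. Minor: the two added lines follow two blank lines and run straight into the comment; a blank line before the comment would match the rest of the function.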
-- 
2.1.4


From 1a59e4672f5faf18d6f602ff0ad51a5c0ef24e4f Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 20:28:32 +0100
Subject: [PATCH 22/33] s4:torture:smb2 fix 'Use of uninitialised value of size
 8' valgrind error.

smbtorture test smb2.oplock.batch10.batch10 produces the following
valgrind trace

Use of uninitialised value of size 8
==9662==    at 0x8F005A1: _samba_rijndaelEncrypt (rijndael-alg-fst.c:956)
==9662==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==9662==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==9662==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==9662==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==9662==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==9662==    by 0x5B04C89: smb2_write_send (write.c:49)
==9662==    by 0x5B04F85: smb2_write (write.c:79)
==9662==    by 0x4AD523: test_smb2_oplock_batch10 (oplock.c:1820)
==9662==    by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==9662==    by 0x955368F: internal_torture_run_test (torture.c:442)
==9662==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==9662==    by 0x26013F: run_matching (smbtorture.c:110)
==9662==    by 0x260001: run_matching (smbtorture.c:95)
==9662==    by 0x260001: run_matching (smbtorture.c:95)
==9662==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==9662==    by 0x261EDF: main (smbtorture.c:665)
==9662==
==9662== Use of uninitialised value of size 8
==9662==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==9662==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==9662==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==9662==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==9662==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==9662==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==9662==    by 0x5B04C89: smb2_write_send (write.c:49)
==9662==    by 0x5B04F85: smb2_write (write.c:79)
==9662==    by 0x4AD523: test_smb2_oplock_batch10 (oplock.c:1820)
==9662==    by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==9662==    by 0x955368F: internal_torture_run_test (torture.c:442)
==9662==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==9662==    by 0x26013F: run_matching (smbtorture.c:110)
==9662==    by 0x260001: run_matching (smbtorture.c:95)
==9662==    by 0x260001: run_matching (smbtorture.c:95)
==9662==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==9662==    by 0x261EDF: main (smbtorture.c:665)
==9662==
 Please enter the commit message for your changes. Lines starting

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/oplock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index fdd29c3..7071779 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -1811,7 +1811,7 @@ static bool test_smb2_oplock_batch10(struct torture_context *tctx,
 	{
 		struct smb2_write wr;
 		DATA_BLOB data;
-		data = data_blob_talloc(tree1, NULL, UINT16_MAX);
+		data = data_blob_talloc_zero(tree1, UINT16_MAX);
 		data.data[0] = (const uint8_t)'x';
 		ZERO_STRUCT(wr);
 		wr.in.file.handle = h1;
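
Review bot: the blob returned by data_blob_talloc_zero(tree1, UINT16_MAX) is written to on the very next line (data.data[0] = ...) without a check, so a failed allocation turns into a NULL write. The old call had the same gap, but since the line is being touched a NULL check on data.data is cheap to add. The commit message also still carries a leftover line from the git editor template ("Please enter the commit message for your changes. Lines starting"), which should be removed.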
-- 
2.1.4


From 05673d5504e7fa07186c9755511f6366ae676f4c Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 09:53:50 +0100
Subject: [PATCH 23/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture smb2.oplock.brl1.brl1 generates the following valgrind trace

==16002== Use of uninitialised value of size 8
==16002==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16002==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16002==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16002==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16002==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16002==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16002==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16002==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16002==    by 0x4B50D8: test_smb2_oplock_brl1 (oplock.c:3352)
==16002==    by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==16002==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16002==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16002==    by 0x26013F: run_matching (smbtorture.c:110)
==16002==    by 0x260001: run_matching (smbtorture.c:95)
==16002==    by 0x260001: run_matching (smbtorture.c:95)
==16002==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16002==    by 0x261EDF: main (smbtorture.c:665)
==16002==
==16002== Use of uninitialised value of size 8
==16002==    at 0x8F00649: _samba_rijndaelEncrypt (rijndael-alg-fst.c:963)
==16002==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16002==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16002==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16002==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16002==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16002==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16002==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16002==    by 0x4B50D8: test_smb2_oplock_brl1 (oplock.c:3352)
==16002==    by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==16002==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16002==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16002==    by 0x26013F: run_matching (smbtorture.c:110)
==16002==    by 0x260001: run_matching (smbtorture.c:95)
==16002==    by 0x260001: run_matching (smbtorture.c:95)
==16002==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16002==    by 0x261EDF: main (smbtorture.c:665)
==16002==
==16002== Use of uninitialised value of size 8
==16002==    at 0x8F006AF: _samba_rijndaelEncrypt (rijndael-alg-fst.c:968)
==16002==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16002==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16002==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16002==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16002==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16002==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16002==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16002==    by 0x4B50D8: test_smb2_oplock_brl1 (oplock.c:3352)
==16002==    by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==16002==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16002==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16002==    by 0x26013F: run_matching (smbtorture.c:110)
==16002==    by 0x260001: run_matching (smbtorture.c:95)
==16002==    by 0x260001: run_matching (smbtorture.c:95)
==16002==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16002==    by 0x261EDF: main (smbtorture.c:665)
==16002==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/oplock.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 7071779..165c4d7 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -3339,6 +3339,9 @@ static bool test_smb2_oplock_brl1(struct torture_context *tctx,
 	ZERO_STRUCT(break_info);
 
 	torture_comment(tctx, "a self BRL acquisition should break to none\n");
+
+	ZERO_STRUCT(lock);
+
 	lock[0].offset = 0;
 	lock[0].length = 4;
 	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
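
Review bot: lock is indexed as an array immediately after the added line (lock[0].offset), so ZERO_ARRAY(lock) would state the intent better than ZERO_STRUCT(lock). The declaration is outside this hunk; ZERO_STRUCT only clears the elements if lock is a real array in this function, so please confirm it is not a pointer.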
-- 
2.1.4


From 07d00ee221cafcfe2863aa64db017174527dc0bb Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:07:21 +0100
Subject: [PATCH 24/33] s4:torture:smb2 fix 'Use of uninitialised value of size
 8' valgrind error.

smbtorture test smb2.oplock.brl2.brl2 generates the following
valgrind trace

==16443== Use of uninitialised value of size 8
==16443==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16443==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16443==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16443==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16443==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16443==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16443==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16443==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16443==    by 0x4B5971: test_smb2_oplock_brl2 (oplock.c:3464)
==16443==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16443==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16443==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16443==    by 0x26013F: run_matching (smbtorture.c:110)
==16443==    by 0x260001: run_matching (smbtorture.c:95)
==16443==    by 0x260001: run_matching (smbtorture.c:95)
==16443==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16443==    by 0x261EDF: main (smbtorture.c:665)
==16443==
==16443== Use of uninitialised value of size 8
==16443==    at 0x8F00649: _samba_rijndaelEncrypt (rijndael-alg-fst.c:963)
==16443==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16443==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16443==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16443==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16443==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16443==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16443==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16443==    by 0x4B5971: test_smb2_oplock_brl2 (oplock.c:3464)
==16443==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16443==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16443==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16443==    by 0x26013F: run_matching (smbtorture.c:110)
==16443==    by 0x260001: run_matching (smbtorture.c:95)
==16443==    by 0x260001: run_matching (smbtorture.c:95)
==16443==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16443==    by 0x261EDF: main (smbtorture.c:665)
==16443==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/oplock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 165c4d7..e156dc6 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -3451,6 +3451,8 @@ static bool test_smb2_oplock_brl2(struct torture_context *tctx, struct smb2_tree
 	torture_comment(tctx, "a self BRL acquisition should not break to "
 			"none\n");
 
+	ZERO_STRUCT(lock);
+
 	lock[0].offset = 0;
 	lock[0].length = 4;
 	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
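
Review bot: this is the same ZERO_STRUCT(lock) insertion as the one made in test_smb2_oplock_brl1 by the previous patch, in the same file and with the same trace through smb2_lock_send. Folding the brl1, brl2 and brl3 changes into one commit would shorten the series and keep the fix for this pattern in one place.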
-- 
2.1.4


From 15d2a07c11f190d8f611b4ce9f6850f776e517bd Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:11:16 +0100
Subject: [PATCH 25/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error

smbtorture test smb2.oplock.brl3.brl3 generated the following valgrind
trace

==16564== Use of uninitialised value of size 8
==16564==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16564==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16564==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16564==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16564==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16564==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16564==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16564==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16564==    by 0x4B62B1: test_smb2_oplock_brl3 (oplock.c:3578)
==16564==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16564==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16564==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16564==    by 0x26013F: run_matching (smbtorture.c:110)
==16564==    by 0x260001: run_matching (smbtorture.c:95)
==16564==    by 0x260001: run_matching (smbtorture.c:95)
==16564==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16564==    by 0x261EDF: main (smbtorture.c:665)
==16564==
==16564== Use of uninitialised value of size 8
==16564==    at 0x8F00649: _samba_rijndaelEncrypt (rijndael-alg-fst.c:963)
==16564==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16564==    by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16564==    by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16564==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16564==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16564==    by 0x5B078DF: smb2_lock_send (lock.c:52)
==16564==    by 0x5B07AAE: smb2_lock (lock.c:80)
==16564==    by 0x4B62B1: test_smb2_oplock_brl3 (oplock.c:3578)
==16564==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16564==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16564==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16564==    by 0x26013F: run_matching (smbtorture.c:110)
==16564==    by 0x260001: run_matching (smbtorture.c:95)
==16564==    by 0x260001: run_matching (smbtorture.c:95)
==16564==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16564==    by 0x261EDF: main (smbtorture.c:665)
==16564==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/oplock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index e156dc6..ead341d 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -3565,6 +3565,8 @@ static bool test_smb2_oplock_brl3(struct torture_context *tctx, struct smb2_tree
 
 	torture_comment(tctx, "a self BRL acquisition should break to none\n");
 
+	ZERO_STRUCT(lock);
+
 	lock[0].offset = 0;
 	lock[0].length = 4;
 	lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
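
Review bot: the assignments that follow the added line already set lock[0].offset, lock[0].length and lock[0].flags, so the bytes valgrind flags in aes_cmac_128_final must belong to a member or element the test never assigns. Naming it in the commit message, or assigning it explicitly next to the other three, would document what was actually wrong; a blanket ZERO_STRUCT(lock) hides that.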
-- 
2.1.4


From 69cdd66b7b90dc5eb5fc0b2c113aac92e3df6439 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:22:37 +0100
Subject: [PATCH 26/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.streams.io.io generates the following valgrind trace

==16652== Use of uninitialised value of size 8
==16652==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==16652==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16652==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16652==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16652==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16652==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16652==    by 0x5B030F3: smb2_close_send (close.c:42)
==16652==    by 0x5B0358A: smb2_close (close.c:78)
==16652==    by 0x5B087B3: smb2_util_close (util.c:40)
==16652==    by 0x51AF21: test_stream_io (streams.c:480)
==16652==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16652==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16652==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16652==    by 0x26013F: run_matching (smbtorture.c:110)
==16652==    by 0x260001: run_matching (smbtorture.c:95)
==16652==    by 0x260001: run_matching (smbtorture.c:95)
==16652==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16652==    by 0x261EDF: main (smbtorture.c:665)
==16652==
==16652== Use of uninitialised value of size 8
==16652==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16652==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16652==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16652==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16652==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16652==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16652==    by 0x5B030F3: smb2_close_send (close.c:42)
==16652==    by 0x5B0358A: smb2_close (close.c:78)
==16652==    by 0x5B087B3: smb2_util_close (util.c:40)
==16652==    by 0x51AF21: test_stream_io (streams.c:480)
==16652==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16652==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16652==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16652==    by 0x26013F: run_matching (smbtorture.c:110)
==16652==    by 0x260001: run_matching (smbtorture.c:95)
==16652==    by 0x260001: run_matching (smbtorture.c:95)
==16652==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16652==    by 0x261EDF: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/streams.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index d9098af..14e5288 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -318,6 +318,9 @@ static bool test_stream_io(struct torture_context *tctx,
 	const char *three[] = { "::$DATA", ":Stream One:$DATA",
 				":Second Stream:$DATA" };
 
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h2);
+
 	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
 	sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
 				 "Second Stream");
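
Review bot: both h and h2 are zeroed here, but the trace in the commit message stops at a single smb2_util_close call (streams.c:480). Please say in the commit message which of the two handles reaches that close without having been opened, since that is the test-flow problem the zeroing covers up.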
-- 
2.1.4


From 2c6ca2dc1f0ffadae76149ceb9b154e09da1502a Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:32:48 +0100
Subject: [PATCH 27/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.streams.sharemodes.sharemodes generates the following valgrind
trace

==16980== Use of uninitialised value of size 8
==16980==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==16980==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16980==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16980==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16980==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16980==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16980==    by 0x5B030F3: smb2_close_send (close.c:42)
==16980==    by 0x5B0358A: smb2_close (close.c:78)
==16980==    by 0x5B087B3: smb2_util_close (util.c:40)
==16980==    by 0x51B4F3: test_stream_sharemodes (streams.c:557)
==16980==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16980==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16980==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16980==    by 0x26013F: run_matching (smbtorture.c:110)
==16980==    by 0x260001: run_matching (smbtorture.c:95)
==16980==    by 0x260001: run_matching (smbtorture.c:95)
==16980==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16980==    by 0x261EDF: main (smbtorture.c:665)
==16980==
==16980== Use of uninitialised value of size 8
==16980==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16980==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16980==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16980==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16980==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16980==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16980==    by 0x5B030F3: smb2_close_send (close.c:42)
==16980==    by 0x5B0358A: smb2_close (close.c:78)
==16980==    by 0x5B087B3: smb2_util_close (util.c:40)
==16980==    by 0x51B4F3: test_stream_sharemodes (streams.c:557)
==16980==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16980==    by 0x955368F: internal_torture_run_test (torture.c:442)
==16980==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16980==    by 0x26013F: run_matching (smbtorture.c:110)
==16980==    by 0x260001: run_matching (smbtorture.c:95)
==16980==    by 0x260001: run_matching (smbtorture.c:95)
==16980==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16980==    by 0x261EDF: main (smbtorture.c:665)
==16980==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/streams.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index 14e5288..f2c5799 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -574,6 +574,10 @@ static bool test_stream_sharemodes(struct torture_context *tctx,
 	bool ret = true;
 	struct smb2_handle h, h1, h2;
 
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+	ZERO_STRUCT(h2);
+
 	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
 	sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
 				 "Second Stream");
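
Review bot: the declaration "struct smb2_handle h, h1, h2;" is visible just above the added block, so the handles could be zero-initialised where they are declared instead of by three separate ZERO_STRUCT calls. That keeps declaration and initialisation together and makes it harder to add a fourth handle later and forget to clear it.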
-- 
2.1.4


From 491e070f3e535d2f9fbe50d38d6dddd97b721a6c Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:48:39 +0100
Subject: [PATCH 28/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.streams.names.names generated the following
valgrind trace.

(../source4/torture/smb2/streams.c:791) testing stream names
==17238== Use of uninitialised value of size 8
==17238==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17238==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17238==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17238==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17238==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17238==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17238==    by 0x5B030F3: smb2_close_send (close.c:42)
==17238==    by 0x5B0358A: smb2_close (close.c:78)
==17238==    by 0x5B087B3: smb2_util_close (util.c:40)
==17238==    by 0x51E480: test_stream_names (streams.c:1053)
==17238==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17238==    by 0x955368F: internal_torture_run_test (torture.c:442)
==17238==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17238==    by 0x26013F: run_matching (smbtorture.c:110)
==17238==    by 0x260001: run_matching (smbtorture.c:95)
==17238==    by 0x260001: run_matching (smbtorture.c:95)
==17238==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17238==    by 0x261EDF: main (smbtorture.c:665)
==17238==
==17238== Use of uninitialised value of size 8
==17238==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17238==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17238==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17238==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17238==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17238==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17238==    by 0x5B030F3: smb2_close_send (close.c:42)
==17238==    by 0x5B0358A: smb2_close (close.c:78)
==17238==    by 0x5B087B3: smb2_util_close (util.c:40)
==17238==    by 0x51E480: test_stream_names (streams.c:1053)
==17238==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17238==    by 0x955368F: internal_torture_run_test (torture.c:442)
==17238==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17238==    by 0x26013F: run_matching (smbtorture.c:110)
==17238==    by 0x260001: run_matching (smbtorture.c:95)
==17238==    by 0x260001: run_matching (smbtorture.c:95)
==17238==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17238==    by 0x261EDF: main (smbtorture.c:665)
==17238==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/streams.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index f2c5799..449dd50 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -841,6 +841,11 @@ static bool test_stream_names(struct torture_context *tctx,
 		":?Stream*:$DATA"
 	};
 
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+	ZERO_STRUCT(h2);
+	ZERO_STRUCT(h3);
+
 	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "\x05Stream\n One");
 	sname1b = talloc_asprintf(mem_ctx, "%s:", sname1);
 	sname1c = talloc_asprintf(mem_ctx, "%s:$FOO", sname1);
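
Review bot: this is the third patch in a row that adds a ZERO_STRUCT block to a function in streams.c, and its subject line is identical to those of the other streams.c patches in the series. Putting the test name (smb2.streams.names) in the subject would let the commits be told apart in the log. The trace again shows one close site (streams.c:1053) while four handles are zeroed, so the message should state that the other three are cleared defensively.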
-- 
2.1.4


From 6bd8ebcbc6ca13229bc411a11e878a8faa5c9462 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:00:25 +0100
Subject: [PATCH 29/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.streams.rename2.rename2 generates the following valgrind
trace

==17379== Use of uninitialised value of size 8
==17379==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17379==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17379==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17379==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17379==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17379==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17379==    by 0x5B030F3: smb2_close_send (close.c:42)
==17379==    by 0x5B0358A: smb2_close (close.c:78)
==17379==    by 0x5B087B3: smb2_util_close (util.c:40)
==17379==    by 0x51FBA7: test_stream_rename2 (streams.c:1381)
==17379==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17379==    by 0x955368F: internal_torture_run_test (torture.c:442)
==17379==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17379==    by 0x26013F: run_matching (smbtorture.c:110)
==17379==    by 0x260001: run_matching (smbtorture.c:95)
==17379==    by 0x260001: run_matching (smbtorture.c:95)
==17379==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17379==    by 0x261EDF: main (smbtorture.c:665)
==17379==
==17379== Use of uninitialised value of size 8
==17379==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17379==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17379==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17379==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17379==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17379==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17379==    by 0x5B030F3: smb2_close_send (close.c:42)
==17379==    by 0x5B0358A: smb2_close (close.c:78)
==17379==    by 0x5B087B3: smb2_util_close (util.c:40)
==17379==    by 0x51FBA7: test_stream_rename2 (streams.c:1381)
==17379==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17379==    by 0x955368F: internal_torture_run_test (torture.c:442)
==17379==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17379==    by 0x26013F: run_matching (smbtorture.c:110)
==17379==    by 0x260001: run_matching (smbtorture.c:95)
==17379==    by 0x260001: run_matching (smbtorture.c:95)
==17379==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17379==    by 0x261EDF: main (smbtorture.c:665)
==17379==

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/streams.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index 449dd50..8aa4b1a 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -1334,6 +1334,9 @@ static bool test_stream_rename2(struct torture_context *tctx,
 	struct smb2_handle h, h1;
 	union smb_setfileinfo sinfo;
 
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+
 	sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname1, "Stream One");
 	sname2 = talloc_asprintf(mem_ctx, "%s:%s", fname1, "Stream Two");
 
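Review bot: "union smb_setfileinfo sinfo;" is declared right beside the two handles and is not cleared in this hunk. If it is filled in member by member later in the function, it can produce the same kind of valgrind report once it is marshalled, so please check that it gets a ZERO_STRUCT before its first use.
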
-- 
2.1.4


From 75e2c8519211238a7d2563356df3e66fba4cce35 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:26:03 +0100
Subject: [PATCH 30/33] s4:torture:smb2: fix 'Use of uninitialised value of
 size 8' valgrind error.

smbtorture test smb2.streams.attributes.attributes generates the following
valgrind trace,

==17997== Use of uninitialised value of size 8
==17997==    at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17997==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17997==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17997==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17997==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17997==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17997==    by 0x5B030F3: smb2_close_send (close.c:42)
==17997==    by 0x5B0358A: smb2_close (close.c:78)
==17997==    by 0x5B087B3: smb2_util_close (util.c:40)
==17997==    by 0x521457: test_stream_attributes (streams.c:1750)
==17997==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17997==    by 0x955368F: internal_torture_run_test (torture.c:442)
==17997==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17997==    by 0x26013F: run_matching (smbtorture.c:110)
==17997==    by 0x260001: run_matching (smbtorture.c:95)
==17997==    by 0x260001: run_matching (smbtorture.c:95)
==17997==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17997==    by 0x261EDF: main (smbtorture.c:665)
==17997==
==17997== Use of uninitialised value of size 8
==17997==    at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17997==    by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17997==    by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17997==    by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17997==    by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17997==    by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17997==    by 0x5B030F3: smb2_close_send (close.c:42)
==17997==    by 0x5B0358A: smb2_close (close.c:78)
==17997==    by 0x5B087B3: smb2_util_close (util.c:40)
==17997==    by 0x521457: test_stream_attributes (streams.c:1750)
==17997==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17997==    by 0x955368F: internal_torture_run_test (torture.c:442)
==17997==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17997==    by 0x26013F: run_matching (smbtorture.c:110)
==17997==    by 0x260001: run_matching (smbtorture.c:95)
==17997==    by 0x260001: run_matching (smbtorture.c:95)
==17997==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17997==    by 0x261EDF: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/smb2/streams.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index 8aa4b1a..8c3f161 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -1685,6 +1685,9 @@ static bool test_stream_attributes(struct torture_context *tctx,
 	union smb_setfileinfo sfinfo;
 	time_t basetime = (time(NULL) - 86400) & ~1;
 
+	ZERO_STRUCT(h);
+	ZERO_STRUCT(h1);
+
 	torture_comment(tctx, "(%s) testing attribute setting on stream\n",
 			__location__);
 
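Review bot: In test_stream_attributes the trace places the uninitialised read under smb2_util_close (streams.c:1750), so the test reaches a close with a handle that was never filled in; ZERO_STRUCT(h) and ZERO_STRUCT(h1) make the signed bytes defined, but the close still goes out, now for an all-zero handle. Consider tracking whether each open succeeded and closing only those handles. This is also the same three-line change as the one to test_stream_rename2 in the same file, so the two could be a single commit.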
-- 
2.1.4


From 08c5cc76f6087c304e081632b05af8d93f98996b Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:46:24 +0100
Subject: [PATCH 31/33] s4:torture:libnet: fix 'Conditional jump or move'
 valgrind error

smbtorture test net.domopen.domopen generated the following valgrind
trace.

==29054== Conditional jump or move depends on uninitialised value(s)
==29054==    at 0x9788D31: libnet_DomainOpen_send (libnet_domain.c:617)
==29054==    by 0x9788E01: libnet_DomainOpen (libnet_domain.c:676)
==29054==    by 0x595F5D: test_domainopen (domain.c:41)
==29054==    by 0x5961AD: torture_domainopen (domain.c:101)
==29054==    by 0x9553F62: wrap_simple_test (torture.c:632)
==29054==    by 0x955368F: internal_torture_run_test (torture.c:442)
==29054==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29054==    by 0x26013F: run_matching (smbtorture.c:110)
==29054==    by 0x260001: run_matching (smbtorture.c:95)
==29054==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29054==    by 0x261EDF: main (smbtorture.c:665)
==29054==
==29054== Conditional jump or move depends on uninitialised value(s)
==29054==    at 0x9788D95: libnet_DomainOpen_recv (libnet_domain.c:648)
==29054==    by 0x9788E1D: libnet_DomainOpen (libnet_domain.c:677)
==29054==    by 0x595F5D: test_domainopen (domain.c:41)
==29054==    by 0x5961AD: torture_domainopen (domain.c:101)
==29054==    by 0x9553F62: wrap_simple_test (torture.c:632)
==29054==    by 0x955368F: internal_torture_run_test (torture.c:442)
==29054==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29054==    by 0x26013F: run_matching (smbtorture.c:110)
==29054==    by 0x260001: run_matching (smbtorture.c:95)
==29054==    by 0x260260: torture_run_named_tests (smbtorture.c:143)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/libnet/domain.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/torture/libnet/domain.c b/source4/torture/libnet/domain.c
index 71753de..c1cfc91 100644
--- a/source4/torture/libnet/domain.c
+++ b/source4/torture/libnet/domain.c
@@ -33,6 +33,8 @@ static bool test_domainopen(struct torture_context *tctx,
 	NTSTATUS status;
 	struct libnet_DomainOpen io;
 
+	ZERO_STRUCT(io);
+
 	torture_comment(tctx, "opening domain\n");
 
 	io.in.domain_name  = talloc_strdup(mem_ctx, domname->string);
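Review bot: ZERO_STRUCT(io) in test_domainopen removes the warning without saying which member was unset. The trace shows libnet_DomainOpen_send (libnet_domain.c:617) and libnet_DomainOpen_recv (libnet_domain.c:648) branching on an uninitialised value, while the visible context assigns only io.in.domain_name. Set the member those branches test explicitly in the test, so it states which path it intends to exercise instead of relying on zero selecting it; keeping ZERO_STRUCT(io) as well is fine.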
-- 
2.1.4


From fb5fd7e31702c8e12e1e7d59b7de783e461c6419 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:57:46 +0100
Subject: [PATCH 32/33] s4:torture:libnet: fix 'Syscall param
 writev(vector[...])' valgrind error

smbtorture test net.api.delshare.api.delshare generates the following
valgrind trace

==29209== Syscall param writev(vector[...]) points to uninitialised byte(s)
==29209==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==29209==    by 0x106CB033: writev_handler (async_sock.c:340)
==29209==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==29209==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==29209==    by 0xBC6B4A1: dcerpc_srvsvc_NetShareAdd_r (ndr_srvsvc_c.c:3327)
==29209==    by 0x5990D8: test_addshare (libnet_share.c:194)
==29209==    by 0x5992D5: torture_delshare (libnet_share.c:228)
==29209==    by 0x9553F62: wrap_simple_test (torture.c:632)
==29209==    by 0x955368F: internal_torture_run_test (torture.c:442)
==29209==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29209==    by 0x26013F: run_matching (smbtorture.c:110)
==29209==    by 0x260001: run_matching (smbtorture.c:95)
==29209==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29209==    by 0x261EDF: main (smbtorture.c:665)
==29209==  Address 0x1887fd16 is 598 bytes inside a block of size 1,325 alloc'd
==29209==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29209==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==29209==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==29209==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==29209==    by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==29209==    by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==29209==    by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==29209==    by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==29209==    by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==29209==    by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==29209==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==29209==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==29209==    by 0xBC6B4A1: dcerpc_srvsvc_NetShareAdd_r (ndr_srvsvc_c.c:3327)
==29209==    by 0x5990D8: test_addshare (libnet_share.c:194)
==29209==    by 0x5992D5: torture_delshare (libnet_share.c:228)
==29209==    by 0x9553F62: wrap_simple_test (torture.c:632)
==29209==    by 0x955368F: internal_torture_run_test (torture.c:442)
==29209==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29209==    by 0x26013F: run_matching (smbtorture.c:110)
==29209==    by 0x260001: run_matching (smbtorture.c:95)
==29209==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29209==    by 0x261EDF: main (smbtorture.c:665)

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/libnet/libnet_share.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source4/torture/libnet/libnet_share.c b/source4/torture/libnet/libnet_share.c
index b9e969f..3c50883 100644
--- a/source4/torture/libnet/libnet_share.c
+++ b/source4/torture/libnet/libnet_share.c
@@ -176,6 +176,10 @@ static bool test_addshare(struct torture_context *tctx,
 	union srvsvc_NetShareInfo info;
 	struct srvsvc_NetShareInfo2 i;
 
+	ZERO_STRUCT(i);
+	ZERO_STRUCT(info);
+	ZERO_STRUCT(add);
+
 	i.name         = share;
 	i.type         = STYPE_DISKTREE;
 	i.path         = "C:\\WINDOWS\\TEMP";
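Review bot: Of the three ZERO_STRUCT() calls in test_addshare, only the one on i is explained by the visible code: the context assigns i.name, i.type and i.path, so any member of struct srvsvc_NetShareInfo2 not assigned further down would be marshalled as stack contents, which matches the writev() report. Say in the commit message which members were unset, and whether info and add actually carried uninitialised bytes or are zeroed for symmetry. Client stack bytes reaching the wire deserve a precise description.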
-- 
2.1.4


From 4f8ceb4b23b6bdf461350072ed0f1044b2375929 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 14:49:44 +0100
Subject: [PATCH 33/33] s4:torture:vfs: fix Invalid read of size 8 valgrind
 error (and segv)

When running smbtorture test
'vfs.fruit.SMB2/CREATE context AAPL.SMB2/CREATE context AAPL'
(on a non-OSX system) the following valgrind errors occur:

==2419== Invalid read of size 8
==2419==    at 0x4055EA: test_aapl (fruit.c:1939)
==2419==    by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==2419==    by 0x955368F: internal_torture_run_test (torture.c:442)
==2419==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==2419==    by 0x26013F: run_matching (smbtorture.c:110)
==2419==    by 0x260001: run_matching (smbtorture.c:95)
==2419==    by 0x260001: run_matching (smbtorture.c:95)
==2419==    by 0x260260: torture_run_named_tests (smbtorture.c:143)
==2419==    by 0x261EDF: main (smbtorture.c:665)
==2419==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==2419==
===============================================================
INTERNAL ERROR: Signal 11 in pid 2419 (4.2.4)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC: internal error

Signed-off-by: Noel Power <noel.power at suse.com>
---
 source4/torture/vfs/fruit.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index ae978c2..020bd1f 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -1936,6 +1936,14 @@ static bool test_aapl(struct torture_context *tctx,
 	aapl = smb2_create_blob_find(&io.out.blobs,
 				     SMB2_CREATE_TAG_AAPL);
 
+	if (aapl == NULL) {
+		torture_result(tctx, TORTURE_FAIL,
+			       "(%s) unexpectedly no AAPL capabilities were returned.",
+			       __location__);
+		ret = false;
+		goto done;
+	}
+
 	if (aapl->data.length != 50) {
 		/*
 		 * uint32_t CommandCode = kAAPL_SERVER_QUERY
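Review bot: In the new `if (aapl == NULL)` block, TORTURE_FAIL may be the wrong result: the commit message describes the trigger as running on a non-OSX system, and if a missing AAPL blob is expected in that setup, TORTURE_SKIP with the same message would describe the outcome better than a failure. The check itself is in the right place, directly before the `aapl->data.length` read that the trace reports at fruit.c:1939. The message text could also name what was missing, for example that no SMB2_CREATE_TAG_AAPL blob was found in io.out.blobs.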
-- 
2.1.4


