some valgrind patches
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Apr 22 12:12:25 UTC 2016
On Fri, Apr 22, 2016 at 11:24:02AM +0100, Noel Power wrote:
> On 22/04/16 10:31, Stefan Metzmacher wrote:
> > Am 22.04.2016 um 11:06 schrieb Volker Lendecke:
> >> On Fri, Apr 22, 2016 at 07:34:31AM +0100, Noel Power wrote:
> >>> On 21/04/16 15:46, Volker Lendecke wrote:
> >>>> On Thu, Apr 21, 2016 at 01:57:53PM +0100, Noel Power wrote:
> >>>>> Hi,
> >>>>> Here are some patches to fix some issues discovered by running
> >>>>> smbtorture itself under valgrind
> >>>> Looks very good! Does that survive an autobuild?
> >>> not sure what autobuild actually is... but make test passes (with the
> >>> patches)
> >> The fix for
> >>
> >> librpc:rpc: fix 'Invalid read of size 8' valgrind error
> >>
> >> is in the wrong place I think. Shouldn't this be fixed in
> >> torture_dsgetinfo_tcase_teardown?
> >>
> >> If we want to protect dcerpc_binding_handle_call from a NULL handle,
> >> we should do it in dcerpc_binding_handle_call_send to also protect the
> >> async send/recv. Also, dcerpc_binding_handle_raw_call would need the
> >> same protection.
> > I don't think we want protection there.
> > I haven't looked at the patch, but the caller
> > (torture_dsgetinfo_tcase_teardown ?)
> > should be fixed.
> sure I can look at fixing it there, might wait though till the rest are
> reviewed before resending the (rather large) patch set
Attached find the reduced patchset with my r-b. I've added one blank
line in a patch, so it might conflict for you in one step.
We need a second team review now.
BTW, for most patches I would have preferred direct initialization of
the structs with ={0}; in the declaration, but as this is mostly just
test code I'm not so picky about it this time :-)
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From ec9eb1504bf579da3d2f035f0f00ed98f81a5e1e Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 16:22:02 +0100
Subject: [PATCH 01/32] s4:libnet: fix 'Syscall param writev(vector[...])'
valgrind error
running smbtorture rpc.dfs.netdfs.StdRoot yields the following valgrind trace
==18861== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18861== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18861== by 0x106CB033: writev_handler (async_sock.c:340)
==18861== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18861== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18861== by 0xBC6D0D2: dcerpc_srvsvc_NetShareDel_r (ndr_srvsvc_c.c:4272)
==18861== by 0x9786C0C: libnet_DelShare (libnet_share.c:195)
==18861== by 0x2E0174: test_NetShareDel (dfs.c:103)
==18861== by 0x2E126F: test_cleanup_stdroot (dfs.c:488)
==18861== Address 0x18869b46 is 598 bytes inside a block of size 1,325 alloc'd
==18861== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18861== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18861== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18861== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18861== by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18861== by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18861== by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18861== by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18861== by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18861== by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18861== by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/libnet/libnet_share.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source4/libnet/libnet_share.c b/source4/libnet/libnet_share.c
index 7c9121b..d8e8240 100644
--- a/source4/libnet/libnet_share.c
+++ b/source4/libnet/libnet_share.c
@@ -175,6 +175,7 @@ NTSTATUS libnet_DelShare(struct libnet_context *ctx,
struct srvsvc_NetShareDel s;
ZERO_STRUCT(c);
+ ZERO_STRUCT(s);
c.level = LIBNET_RPC_CONNECT_SERVER;
c.in.name = r->in.server_name;
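Review bot: The added `ZERO_STRUCT(s);` silences the warning, but the commit message never says which member of `s` reached the request unset, so a reader cannot confirm that zero is the intended wire value rather than merely a defined one. Name the member in the message, or set it explicitly alongside the other request fields after the zeroing.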
--
2.1.4
From 0908a6b42ef119afe685e65d87672d1742ba3b5e Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 16:30:52 +0100
Subject: [PATCH 02/32] s4:torture:rpc: fix valgrind Syscall param
writev(vector[...]) error
running smbtorture rpc.srvsvc.srvsvc\ (admin\ access).NetDiskEnum results
in the following valgrind trace
==30237== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30237== at 0xDD01C67: writev (in /lib64/libc-2.19.so)
==30237== by 0xE1D09D4: writev_handler (async_sock.c:340)
==30237== by 0xD81A12A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xD8185F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xD8147FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xD815ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0x5AC726D: tevent_req_poll_ntstatus (in /usr/lib64/libtevent-util.so.0.0.1)
==30237== by 0x8120CEA: dcerpc_binding_handle_call (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==30237== by 0xA9AC6EC: dcerpc_srvsvc_NetDiskEnum_r (ndr_srvsvc_c.c:5388)
==30237== by 0x2ADDF8: ??? (in /usr/bin/smbtorture)
==30237== by 0x898DF8C: ??? (in /usr/lib64/libtorture.so.0.0.1)
==30237== by 0x1F0816: ??? (in /usr/bin/smbtorture)
==30237== Address 0x15952676 is 598 bytes inside a block of size 1,325 alloc'd
==30237== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30237== by 0xCCCAA73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30237== by 0xD81566D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xA2B7910: smb1cli_req_create (smbXcli_base.c:1322)
==30237== by 0xA2BA4E3: smb1cli_trans_send (smb1cli_trans.c:512)
==30237== by 0xA2C1F91: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==30237== by 0xA2C23AE: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==30237== by 0xAC8E43C: tstream_writev_send (tsocket.c:695)
==30237== by 0xAC8E9BA: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==30237== by 0xD815023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/rpc/srvsvc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source4/torture/rpc/srvsvc.c b/source4/torture/rpc/srvsvc.c
index 21b67fd..5058dcd 100644
--- a/source4/torture/rpc/srvsvc.c
+++ b/source4/torture/rpc/srvsvc.c
@@ -970,6 +970,7 @@ static bool test_NetDiskEnum(struct torture_context *tctx,
struct dcerpc_binding_handle *b = p->binding_handle;
ZERO_STRUCT(info);
+ ZERO_STRUCT(r);
r.in.server_unc = NULL;
r.in.resume_handle = &resume_handle;
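Review bot: With `ZERO_STRUCT(r);` in place, the `r.in.server_unc = NULL;` on the following line is redundant. Either drop it or keep it deliberately as documentation of the request being built.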
--
2.1.4
From 2a798501eb071a706d26b3ff2bb0ed0185c459c0 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 16:15:54 +0100
Subject: [PATCH 03/32] s4:torture:rpc: fix valgrind 'Syscall param
writev(vector[...])' error
running smbtorture test rpc.samba3.winreg.winreg yields the following
valgrind trace
==18533== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18533== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18533== by 0x106CB033: writev_handler (async_sock.c:340)
==18533== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18533== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18533== by 0xBBD049F: dcerpc_winreg_EnumValue_r (ndr_winreg_c.c:2354)
==18533== by 0x3D3E3E: enumvalues (samba3rpc.c:2982)
==18533== by 0x3D40A5: enumkeys (samba3rpc.c:3042)
==18533== by 0x3D4085: enumkeys (samba3rpc.c:3041)
==18533== Address 0x1886edd6 is 598 bytes inside a block of size 1,325 alloc'd
==18533== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18533== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18533== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18533== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18533== by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18533== by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18533== by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18533== by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18533== by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18533== by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/rpc/samba3rpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 9e521cd..a578e8c 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -2960,6 +2960,7 @@ static bool enumvalues(struct torture_context *tctx,
NTSTATUS status;
uint32_t size, length;
+ ZERO_STRUCT(buf8);
r.in.handle = handle;
r.in.enum_index = enum_index;
name.name = "";
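Review bot: `ZERO_STRUCT(buf8);` is added here, but the declaration of `buf8` lies outside the hunk context, so the hunk alone does not show whether the macro covers the whole buffer. If `buf8` is a fixed-size array, `ZERO_ARRAY(buf8)` states the intent more directly; if it is a pointer, this zeroes only the pointer and the memory it refers to stays uninitialised.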
--
2.1.4
From 23859852939cbd6cfc099aa305fe3081adbac286 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 15:59:08 +0100
Subject: [PATCH 04/32] s4:torture:rpc: fix valgrind 'Syscall param
writev(vector[...])' valgrind error
when running smbtorture rpc.samba3.regconfig.regconfig
Note: to fix this particular error only the action_taken variable needed
to be initialised. ZERO-ing the structs for completeness.
==14958== Syscall param writev(vector[...]) points to uninitialised byte(s)
==14958== at 0xFB9FC87: writev (in /lib64/libc-2.19.so)
==14958== by 0x106C8003: writev_handler (async_sock.c:340)
==14958== by 0xF67407E: epoll_event_loop (tevent_epoll.c:728)
==14958== by 0xF67469C: epoll_event_loop_once (tevent_epoll.c:926)
==14958== by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958== by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958== by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958== by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958== by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958== by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958== by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958== by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)
==14958== by 0x9553F42: wrap_simple_test (torture.c:632)
==14958== by 0x955366F: internal_torture_run_test (torture.c:442)
==14958== by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14958== by 0x260074: run_matching (smbtorture.c:110)
==14958== by 0x25FF36: run_matching (smbtorture.c:95)
==14958== by 0x25FF36: run_matching (smbtorture.c:95)
==14958== by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14958== by 0x261E14: main (smbtorture.c:665)
==14958== Address 0x18868ec6 is 598 bytes inside a block of size 1,325 alloc'd
==14958== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14958== by 0xF45EE38: __talloc_with_prefix (talloc.c:668)
==14958== by 0xF45EFF5: _talloc_pool (talloc.c:721)
==14958== by 0xF45F167: _talloc_pooled_object (talloc.c:790)
==14958== by 0xF66C664: _tevent_req_create (tevent_req.c:66)
==14958== by 0xB0D49CF: smb1cli_req_create (smbXcli_base.c:1322)
==14958== by 0xB0E1E3D: smb1cli_trans_send (smb1cli_trans.c:512)
==14958== by 0xB0ED44D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==14958== by 0xB0EC817: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==14958== by 0xB0EC4A7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==14958== by 0xC259DDA: tstream_writev_send (tsocket.c:695)
==14958== by 0xC25AD44: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==14958== by 0xF66BF73: tevent_queue_immediate_trigger (tevent_queue.c:149)
==14958== by 0xF66BBFB: tevent_common_loop_immediate (tevent_immediate.c:135)
==14958== by 0xF674602: epoll_event_loop_once (tevent_epoll.c:907)
==14958== by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958== by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958== by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958== by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958== by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958== by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958== by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958== by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/rpc/samba3rpc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index a578e8c..9da6b54 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -3165,7 +3165,12 @@ static bool torture_samba3_createshare(struct torture_context *tctx,
struct policy_handle new_handle;
struct winreg_CreateKey c;
struct winreg_CloseKey cl;
- enum winreg_CreateAction action_taken;
+ enum winreg_CreateAction action_taken = REG_ACTION_NONE;
+
+ ZERO_STRUCT(c);
+ ZERO_STRUCT(cl);
+ ZERO_STRUCT(hklm);
+ ZERO_STRUCT(new_handle);
c.in.handle = &hklm;
c.in.name.name = talloc_asprintf(
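Review bot: The four `ZERO_STRUCT` calls go beyond the fix, since the commit message itself says only `action_taken` needed initialising. Zeroing `hklm` and `new_handle` as well means valgrind can no longer flag a policy handle that is passed via `c.in.handle = &hklm;` before it has been set, so consider limiting this patch to the `action_taken = REG_ACTION_NONE` line and moving the blanket zeroing to a separate commit with its own justification.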
--
2.1.4
From 5894a1462fbe5f78d914f8de769d5cd8c0f185f8 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Fri, 15 Apr 2016 12:51:32 +0100
Subject: [PATCH 05/32] s4:lib:registry: fix 'Conditional jump or move'
valgrind error.
smbtorture local.registry.diff.dotreg.test_diff_apply produces the following
valgrind trace
==18367== Conditional jump or move depends on uninitialised value(s)
==18367== at 0xA02ED96: reg_dotreg_diff_load (patchfile_dotreg.c:252)
==18367== by 0xA031C6C: reg_diff_load (patchfile.c:375)
==18367== by 0xA0323AB: reg_diff_apply (patchfile.c:542)
==18367== by 0x15F116: test_diff_apply (diff.c:72)
==18367== by 0x955460C: wrap_test_with_simple_test (torture.c:731)
==18367== by 0x955366F: internal_torture_run_test (torture.c:442)
==18367== by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==18367== by 0x260074: run_matching (smbtorture.c:110)
==18367== by 0x25FF36: run_matching (smbtorture.c:95)
==18367== by 0x25FF36: run_matching (smbtorture.c:95)
==18367== by 0x25FF36: run_matching (smbtorture.c:95)
==18367== by 0x260195: torture_run_named_tests (smbtorture.c:143)
==18367==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/lib/registry/patchfile_dotreg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/lib/registry/patchfile_dotreg.c b/source4/lib/registry/patchfile_dotreg.c
index f537b97..49f71f9 100644
--- a/source4/lib/registry/patchfile_dotreg.c
+++ b/source4/lib/registry/patchfile_dotreg.c
@@ -249,7 +249,7 @@ _PUBLIC_ WERROR reg_dotreg_diff_load(int fd,
while ((line = afdgets(fd, mem_ctx, 0))) {
/* Remove '\r' if it's a Windows text file */
- if (line[strlen(line)-1] == '\r') {
+ if (strlen(line) && line[strlen(line)-1] == '\r') {
line[strlen(line)-1] = '\0';
}
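Review bot: The condition now calls `strlen(line)` twice and the body calls it a third time; take the length once into a local `size_t len` and test `len > 0 && line[len-1] == '\r'`. The commit message should also state that the old code indexed `line[strlen(line)-1]` on an empty line, which is a read before the start of the buffer and not only a valgrind warning.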
--
2.1.4
From 4fef07918c4c649b12d2d38e7c8c0afa55ad5d5d Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 11:50:08 +0100
Subject: [PATCH 06/32] s4:torture:basic fix 'Syscall param
writev(vector[...])' valgrind error
smbtorture 'base.aliases.QPATHINFO aliases.QPATHINFO aliases' results in
following valgrind trace
==22469== Syscall param writev(vector[...]) points to uninitialised byte(s)
==22469== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==22469== by 0x106CB033: writev_handler (async_sock.c:340)
==22469== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22469== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22469== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==22469== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==22469== by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==22469== by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==22469== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22469== by 0x423431: qpathinfo_aliases (aliases.c:171)
==22469== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22469== by 0x955368F: internal_torture_run_test (torture.c:442)
==22469== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22469== by 0x2600A4: run_matching (smbtorture.c:110)
==22469== by 0x25FF66: run_matching (smbtorture.c:95)
==22469== by 0x25FF66: run_matching (smbtorture.c:95)
==22469== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22469== by 0x261E44: main (smbtorture.c:665)
==22469== Address 0x187dfb86 is 598 bytes inside a block of size 1,325 alloc'd
==22469== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22469== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==22469== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==22469== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==22469== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==22469== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==22469== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==22469== by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==22469== by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==22469== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22469== by 0x423431: qpathinfo_aliases (aliases.c:171)
==22469== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22469== by 0x955368F: internal_torture_run_test (torture.c:442)
==22469== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22469== by 0x2600A4: run_matching (smbtorture.c:110)
==22469== by 0x25FF66: run_matching (smbtorture.c:95)
==22469== by 0x25FF66: run_matching (smbtorture.c:95)
==22469== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22469== by 0x261E44: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/basic/aliases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index acd33a4..40a22a7 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -150,6 +150,7 @@ static bool qpathinfo_aliases(struct torture_context *tctx, struct smbcli_state
const char *fname = "\\qpathinfo_aliases.txt";
int fnum;
+ ZERO_STRUCT(t2);
t2.in.max_param = 2;
t2.in.max_data = UINT16_MAX;
t2.in.max_setup = 0;
@@ -159,7 +160,6 @@ static bool qpathinfo_aliases(struct torture_context *tctx, struct smbcli_state
t2.in.setup = &setup;
t2.in.params = data_blob_talloc_zero(tctx, 6);
t2.in.data = data_blob(NULL, 0);
- ZERO_STRUCT(t2.out);
smbcli_unlink(cli->tree, fname);
fnum = create_complex_file(cli, cli, fname);
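Review bot: Dropping `ZERO_STRUCT(t2.out);` here is only correct because the earlier hunk zeroes all of `t2` before the first `t2.in` assignment, and that ordering dependency is worth a short comment at the new `ZERO_STRUCT(t2);`. The same two-hunk edit is repeated for three more functions in `source4/torture/basic/aliases.c` in patches 07 to 09; folding the four into one commit, or moving the shared `t2` setup into a helper, would make the series easier to review.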
--
2.1.4
From 32aa8f97079e14e1109adfa989ca1e3b0d746b5b Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 11:57:58 +0100
Subject: [PATCH 07/32] s4:torture:basic: fix valgrind 'Syscall param
writev(vector[...])' error
running smbtorture test base.aliases.FINDFIRST aliases.FINDFIRST aliases
results in the following valgrind trace
==22639== Syscall param writev(vector[...]) points to uninitialised byte(s)
==22639== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==22639== by 0x106CB033: writev_handler (async_sock.c:340)
==22639== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22639== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22639== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==22639== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==22639== by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==22639== by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==22639== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22639== by 0x423672: findfirst_aliases (aliases.c:213)
==22639== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22639== by 0x955368F: internal_torture_run_test (torture.c:442)
==22639== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22639== by 0x2600A4: run_matching (smbtorture.c:110)
==22639== by 0x25FF66: run_matching (smbtorture.c:95)
==22639== by 0x25FF66: run_matching (smbtorture.c:95)
==22639== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22639== by 0x261E44: main (smbtorture.c:665)
==22639== Address 0x187dfd26 is 598 bytes inside a block of size 1,325 alloc'd
==22639== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22639== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==22639== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==22639== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==22639== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==22639== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==22639== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==22639== by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==22639== by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==22639== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22639== by 0x423672: findfirst_aliases (aliases.c:213)
==22639== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22639== by 0x955368F: internal_torture_run_test (torture.c:442)
==22639== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22639== by 0x2600A4: run_matching (smbtorture.c:110)
==22639== by 0x25FF66: run_matching (smbtorture.c:95)
==22639== by 0x25FF66: run_matching (smbtorture.c:95)
==22639== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22639== by 0x261E44: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/basic/aliases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index 40a22a7..3e829ac 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -192,6 +192,7 @@ static bool findfirst_aliases(struct torture_context *tctx, struct smbcli_state
const char *fname = "\\findfirst_aliases.txt";
int fnum;
+ ZERO_STRUCT(t2);
t2.in.max_param = 16;
t2.in.max_data = UINT16_MAX;
t2.in.max_setup = 0;
@@ -201,7 +202,6 @@ static bool findfirst_aliases(struct torture_context *tctx, struct smbcli_state
t2.in.setup = &setup;
t2.in.params = data_blob_talloc_zero(tctx, 12);
t2.in.data = data_blob(NULL, 0);
- ZERO_STRUCT(t2.out);
smbcli_unlink(cli->tree, fname);
fnum = create_complex_file(cli, cli, fname);
--
2.1.4
From 09c4c11b6a8d6295eff98705bf2f4e1d19b16dd0 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 12:20:35 +0100
Subject: [PATCH 08/32] s4:torture:basic: fix valgrind 'Syscall param
writev(vector[...])' error
smbtorture test base.aliases.setfileinfo_aliases.setfileinfo_aliases
results in the following valgrind trace
==22757== Syscall param writev(vector[...]) points to uninitialised byte(s)
==22757== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==22757== by 0x106CB033: writev_handler (async_sock.c:340)
==22757== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22757== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==22757== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==22757== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==22757== by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==22757== by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==22757== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22757== by 0x423C91: setfileinfo_aliases (aliases.c:327)
==22757== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22757== by 0x955368F: internal_torture_run_test (torture.c:442)
==22757== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22757== by 0x2600A4: run_matching (smbtorture.c:110)
==22757== by 0x25FF66: run_matching (smbtorture.c:95)
==22757== by 0x25FF66: run_matching (smbtorture.c:95)
==22757== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22757== by 0x261E44: main (smbtorture.c:665)
==22757== Address 0x187dfee6 is 598 bytes inside a block of size 1,325 alloc'd
==22757== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22757== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==22757== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==22757== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==22757== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==22757== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==22757== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==22757== by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==22757== by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==22757== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==22757== by 0x423C91: setfileinfo_aliases (aliases.c:327)
==22757== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==22757== by 0x955368F: internal_torture_run_test (torture.c:442)
==22757== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==22757== by 0x2600A4: run_matching (smbtorture.c:110)
==22757== by 0x25FF66: run_matching (smbtorture.c:95)
==22757== by 0x25FF66: run_matching (smbtorture.c:95)
==22757== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==22757== by 0x261E44: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/basic/aliases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index 3e829ac..3528b2f 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -306,6 +306,7 @@ static bool setfileinfo_aliases(struct torture_context *tctx, struct smbcli_stat
const char *fname = "\\setfileinfo_aliases.txt";
int fnum;
+ ZERO_STRUCT(t2);
t2.in.max_param = 2;
t2.in.max_data = 0;
t2.in.max_setup = 0;
@@ -315,7 +316,6 @@ static bool setfileinfo_aliases(struct torture_context *tctx, struct smbcli_stat
t2.in.setup = &setup;
t2.in.params = data_blob_talloc_zero(tctx, 6);
t2.in.data = data_blob(NULL, 0);
- ZERO_STRUCT(t2.out);
smbcli_unlink(cli->tree, fname);
fnum = create_complex_file(cli, cli, fname);
--
2.1.4
From d12adfb17cb2792d69b0d0857e413c1707575b35 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 12:37:03 +0100
Subject: [PATCH 09/32] s4:torture:basic: fix valgrind 'Syscall param
writev(vector[...])' error.
smbtorture test base.aliases.setpathinfo_aliases.setpathinfo_aliases
results in the following valgrind trace
==23067== Syscall param writev(vector[...]) points to uninitialised byte(s)
==23067== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==23067== by 0x106CB033: writev_handler (async_sock.c:340)
==23067== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==23067== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==23067== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==23067== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==23067== by 0x5AE6019: smb_raw_write_recv (rawreadwrite.c:303)
==23067== by 0x5AE63FD: smb_raw_write (rawreadwrite.c:344)
==23067== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==23067== by 0x423EB4: setpathinfo_aliases (aliases.c:367)
==23067== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23067== by 0x955368F: internal_torture_run_test (torture.c:442)
==23067== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23067== by 0x2600A4: run_matching (smbtorture.c:110)
==23067== by 0x25FF66: run_matching (smbtorture.c:95)
==23067== by 0x25FF66: run_matching (smbtorture.c:95)
==23067== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23067== by 0x261E44: main (smbtorture.c:665)
==23067== Address 0x187e0096 is 598 bytes inside a block of size 1,325 alloc'd
==23067== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23067== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==23067== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==23067== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==23067== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==23067== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==23067== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==23067== by 0x5AE5FDD: smb_raw_write_send (rawreadwrite.c:289)
==23067== by 0x5AE63E6: smb_raw_write (rawreadwrite.c:343)
==23067== by 0x9BE50CA: smbcli_write (clireadwrite.c:118)
==23067== by 0x423EB4: setpathinfo_aliases (aliases.c:367)
==23067== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23067== by 0x955368F: internal_torture_run_test (torture.c:442)
==23067== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23067== by 0x2600A4: run_matching (smbtorture.c:110)
==23067== by 0x25FF66: run_matching (smbtorture.c:95)
==23067== by 0x25FF66: run_matching (smbtorture.c:95)
==23067== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23067== by 0x261E44: main (smbtorture.c:665)
==23067==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/basic/aliases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/basic/aliases.c b/source4/torture/basic/aliases.c
index 3528b2f..ee3ea50 100644
--- a/source4/torture/basic/aliases.c
+++ b/source4/torture/basic/aliases.c
@@ -345,6 +345,7 @@ static bool setpathinfo_aliases(struct torture_context *tctx,
const char *fname = "\\setpathinfo_aliases.txt";
int fnum;
+ ZERO_STRUCT(t2);
t2.in.max_param = 32;
t2.in.max_data = UINT16_MAX;
t2.in.max_setup = 0;
@@ -354,7 +355,6 @@ static bool setpathinfo_aliases(struct torture_context *tctx,
t2.in.setup = &setup;
t2.in.params = data_blob_talloc_zero(tctx, 4);
t2.in.data = data_blob(NULL, 0);
- ZERO_STRUCT(t2.out);
smbcli_unlink(cli->tree, fname);
--
2.1.4
From 1a52f49b0688de5d535a92be67a4f91c11a7455a Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 13:02:59 +0100
Subject: [PATCH 10/32] s4:libcli: fix 'Conditional jump or move' valgrind
error
smbtorture test base.tcondev.tcondev causes the following valgrind trace
==23282== Conditional jump or move depends on uninitialised value(s)
==23282== at 0x9BE5632: smbcli_tconX (cliconnect.c:148)
==23282== by 0x41021C: tcon_devtest (base.c:91)
==23282== by 0x411A01: run_tcon_devtype_test (base.c:522)
==23282== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23282== by 0x955368F: internal_torture_run_test (torture.c:442)
==23282== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23282== by 0x2600A4: run_matching (smbtorture.c:110)
==23282== by 0x25FF66: run_matching (smbtorture.c:95)
==23282== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23282== by 0x261E44: main (smbtorture.c:665)
==23282==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/libcli/cliconnect.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c
index 35d963e..58118b0 100644
--- a/source4/libcli/cliconnect.c
+++ b/source4/libcli/cliconnect.c
@@ -142,13 +142,16 @@ NTSTATUS smbcli_tconX(struct smbcli_state *cli, const char *sharename,
tcon.tconx.in.device = devtype;
status = smb_raw_tcon(cli->tree, mem_ctx, &tcon);
-
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
cli->tree->tid = tcon.tconx.out.tid;
if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
smb1cli_session_protect_session_key(cli->tree->session->smbXcli);
}
+out:
talloc_free(mem_ctx);
return status;
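Review bot: the new "if (!NT_STATUS_IS_OK(status)) goto out;" check fixes more than the valgrind report, and the commit message should say so. The trace points at the only branch in this hunk, the test of tcon.tconx.out.options, but without the check a failed smb_raw_tcon also let "cli->tree->tid = tcon.tconx.out.tid;" store an uninitialised tid in the tree, which memcheck does not report because it is a plain copy. No change is requested to the code itself; the single "out:" label keeps talloc_free(mem_ctx) on both paths.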
--
2.1.4
From cd6ad815d047763640d5fa95b0015fb64e42683a Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 14:30:44 +0100
Subject: [PATCH 11/32] s4:torture:basic: fix 'Syscall param
writev(vector[...])' valgrind error
smbtorture test base.winattr.winattr yields the following trace
==25514== Syscall param writev(vector[...]) points to uninitialised byte(s)
==25514== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==25514== by 0x106CB033: writev_handler (async_sock.c:340)
==25514== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==25514== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==25514== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==25514== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==25514== by 0x5AEEC7E: smb_raw_nttrans_recv (rawtrans.c:408)
==25514== by 0x5AF6543: smb_raw_query_secdesc_recv (rawacl.c:67)
==25514== by 0x5AF580F: smb_raw_fileinfo_recv (rawfileinfo.c:699)
==25514== by 0x5AF58BE: smb_raw_fileinfo (rawfileinfo.c:721)
==25514== by 0x454AC3: torture_winattrtest (attr.c:217)
==25514== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==25514== by 0x955368F: internal_torture_run_test (torture.c:442)
==25514== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==25514== by 0x2600A4: run_matching (smbtorture.c:110)
==25514== by 0x25FF66: run_matching (smbtorture.c:95)
==25514== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==25514== by 0x261E44: main (smbtorture.c:665)
==25514== Address 0x187d69c6 is 598 bytes inside a block of size 1,325 alloc'd
==25514== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25514== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==25514== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==25514== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==25514== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==25514== by 0x5AEE9B2: smb_raw_nttrans_send (rawtrans.c:310)
==25514== by 0x5AF64F0: smb_raw_query_secdesc_send (rawacl.c:51)
==25514== by 0x5AF56E5: smb_raw_fileinfo_send (rawfileinfo.c:658)
==25514== by 0x5AF58A3: smb_raw_fileinfo (rawfileinfo.c:720)
==25514== by 0x454AC3: torture_winattrtest (attr.c:217)
==25514== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==25514== by 0x955368F: internal_torture_run_test (torture.c:442)
==25514== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==25514== by 0x2600A4: run_matching (smbtorture.c:110)
==25514== by 0x25FF66: run_matching (smbtorture.c:95)
==25514== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==25514== by 0x261E44: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/basic/attr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source4/torture/basic/attr.c b/source4/torture/basic/attr.c
index 8d51fa3..9eb9ec8 100644
--- a/source4/torture/basic/attr.c
+++ b/source4/torture/basic/attr.c
@@ -198,7 +198,8 @@ bool torture_winattrtest(struct torture_context *tctx,
union smb_fileinfo query, query_org;
NTSTATUS status;
struct security_descriptor *sd1, *sd2;
-
+ ZERO_STRUCT(query);
+ ZERO_STRUCT(query_org);
/* Test winattrs for file */
smbcli_unlink(cli1->tree, fname);
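Review bot: both query and query_org are cleared, but the trace in the commit message implicates a single request, the smb_raw_fileinfo call at attr.c:217. If query_org is zeroed only defensively, say so in the commit message; if it has its own unset input member, that deserves its own trace so the two fixes can be checked independently.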
--
2.1.4
From c3bd12f4d449a95bf736b9cc5dd405d346913243 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 15:52:12 +0100
Subject: [PATCH 12/32] s4:torture:basic: fix 'Conditional jump or move '
valgrind error
running smbtorture test base.bench-holdopen.bench-holdopen yields the
following valgrind trace.
==29953== Conditional jump or move depends on uninitialised value(s)
==29953== at 0xF4634F0: _talloc_zero_array (in /usr/lib64/libtalloc.so.2.1.5)
==29953== by 0x5AE257E: smbcli_request_setup_transport (rawrequest.c:101)
==29953== by 0x5AE04AF: smb_raw_echo_send (clitransport.c:554)
==29953== by 0x5AE0774: smb_raw_echo (clitransport.c:609)
==29953== by 0x4183D3: torture_holdopen (misc.c:288)
==29953== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==29953== by 0x955368F: internal_torture_run_test (torture.c:442)
==29953== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29953== by 0x2600A4: run_matching (smbtorture.c:110)
==29953== by 0x25FF66: run_matching (smbtorture.c:95)
==29953== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==29953== by 0x261E44: main (smbtorture.c:665)
==29953==
==29953== Conditional jump or move depends on uninitialised value(s)
==29953== at 0xF4630E3: _talloc_zero (in /usr/lib64/libtalloc.so.2.1.5)
==29953== by 0x5AE257E: smbcli_request_setup_transport (rawrequest.c:101)
==29953== by 0x5AE04AF: smb_raw_echo_send (clitransport.c:554)
==29953== by 0x5AE0774: smb_raw_echo (clitransport.c:609)
==29953== by 0x4183D3: torture_holdopen (misc.c:288)
==29953== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==29953== by 0x955368F: internal_torture_run_test (torture.c:442)
==29953== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29953== by 0x2600A4: run_matching (smbtorture.c:110)
==29953== by 0x25FF66: run_matching (smbtorture.c:95)
==29953== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==29953== by 0x261E44: main (smbtorture.c:665)
==29953==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/basic/misc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c
index 4e84e38..cbf1e9f 100644
--- a/source4/torture/basic/misc.c
+++ b/source4/torture/basic/misc.c
@@ -284,7 +284,7 @@ bool torture_holdopen(struct torture_context *tctx,
while (1) {
struct smb_echo ec;
-
+ ZERO_STRUCT(ec);
status = smb_raw_echo(cli->transport, &ec);
torture_comment(tctx, ".");
fflush(stdout);
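Review bot: ZERO_STRUCT(ec) runs on every pass of the while (1) loop and leaves every input of the echo request at zero, which silences memcheck without stating what the hold-open echo is meant to send. The trace (a conditional inside _talloc_zero_array reached from smb_raw_echo_send at clitransport.c:554) is consistent with an input member of ec being used as a buffer size, so assigning the echo's input members explicitly before "smb_raw_echo(cli->transport, &ec)" would both fix the report and document the request.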
--
2.1.4
From 803ef7095f05fe9ad70d44a72d981fa70e4538ce Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 16:04:26 +0100
Subject: [PATCH 13/32] s4:torture:raw: fix 'Syscall param writev(vector[...])'
valgrind error
running smbtorture test raw.open.chained-ntcreatex.chained-ntcreatex results
in the following valgrind trace
==30405== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30405== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==30405== by 0x106CB033: writev_handler (async_sock.c:340)
==30405== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30405== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30405== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30405== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==30405== by 0x5AE343E: smbcli_request_simple_recv (rawrequest.c:430)
==30405== by 0x5ADC8BC: smb_raw_close (rawfile.c:847)
==30405== by 0x9BE60B4: smbcli_close (clifile.c:316)
==30405== by 0x1A66B4: test_chained_ntcreatex_readx (open.c:1735)
==30405== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30405== by 0x955368F: internal_torture_run_test (torture.c:442)
==30405== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30405== by 0x2600A4: run_matching (smbtorture.c:110)
==30405== by 0x25FF66: run_matching (smbtorture.c:95)
==30405== by 0x25FF66: run_matching (smbtorture.c:95)
==30405== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==30405== by 0x261E44: main (smbtorture.c:665)
==30405== Address 0x187e1196 is 598 bytes inside a block of size 1,325 alloc'd
==30405== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30405== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30405== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30405== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==30405== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==30405== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==30405== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==30405== by 0x5ADC869: smb_raw_close_send (rawfile.c:832)
==30405== by 0x5ADC8AC: smb_raw_close (rawfile.c:846)
==30405== by 0x9BE60B4: smbcli_close (clifile.c:316)
==30405== by 0x1A66B4: test_chained_ntcreatex_readx (open.c:1735)
==30405== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30405== by 0x955368F: internal_torture_run_test (torture.c:442)
==30405== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30405== by 0x2600A4: run_matching (smbtorture.c:110)
==30405== by 0x25FF66: run_matching (smbtorture.c:95)
==30405== by 0x25FF66: run_matching (smbtorture.c:95)
==30405== by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==30405== by 0x261E44: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/raw/open.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
index dc76b0b..fb8749d 100644
--- a/source4/torture/raw/open.c
+++ b/source4/torture/raw/open.c
@@ -1700,6 +1700,8 @@ static bool test_chained_ntcreatex_readx(struct torture_context *tctx, struct sm
const char buf[] = "test";
char buf2[4];
+ ZERO_STRUCT(io);
+
torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
torture_comment(tctx, "Checking RAW_NTCREATEX_READX chained on "
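Review bot: the commit message does not explain how clearing the test-local io removes this report, and the trace makes that worth spelling out. The uninitialised bytes are 598 bytes into a 1,325-byte block allocated by smb1cli_req_create for the close request issued at open.c:1735, not in io itself, and the traces in patches 11/32, 14/32 and 15/32 report the same offset in a block of the same size. Please name the io member whose value ends up in that request buffer, and confirm with a memcheck run that this ZERO_STRUCT(io) alone makes the report disappear.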
--
2.1.4
From 115435887fbd4ef9b0f3cbf95454fc5ccd06b43c Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 16:20:55 +0100
Subject: [PATCH 14/32] s4:torture:raw: fix 'Syscall param writev(vector[...])'
valgrind error
running smbtorture test raw.open.openx-over-dir.openx-over-dir results in
the following valgrind trace
==30597== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30597== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==30597== by 0x106CB033: writev_handler (async_sock.c:340)
==30597== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30597== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30597== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30597== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==30597== by 0x5AE343E: smbcli_request_simple_recv (rawrequest.c:430)
==30597== by 0x5ADC8BC: smb_raw_close (rawfile.c:847)
==30597== by 0x9BE60B4: smbcli_close (clifile.c:316)
==30597== by 0x1A57F0: test_openx_over_dir (open.c:1495)
==30597== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30597== by 0x955368F: internal_torture_run_test (torture.c:442)
==30597== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30597== by 0x2600BD: run_matching (smbtorture.c:110)
==30597== by 0x25FF7F: run_matching (smbtorture.c:95)
==30597== by 0x25FF7F: run_matching (smbtorture.c:95)
==30597== by 0x2601DE: torture_run_named_tests (smbtorture.c:143)
==30597== by 0x261E5D: main (smbtorture.c:665)
==30597== Address 0x187e41d6 is 598 bytes inside a block of size 1,325 alloc'd
==30597== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30597== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30597== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30597== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==30597== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==30597== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==30597== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==30597== by 0x5ADC869: smb_raw_close_send (rawfile.c:832)
==30597== by 0x5ADC8AC: smb_raw_close (rawfile.c:846)
==30597== by 0x9BE60B4: smbcli_close (clifile.c:316)
==30597== by 0x1A57F0: test_openx_over_dir (open.c:1495)
==30597== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30597== by 0x955368F: internal_torture_run_test (torture.c:442)
==30597== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30597== by 0x2600BD: run_matching (smbtorture.c:110)
==30597== by 0x25FF7F: run_matching (smbtorture.c:95)
==30597== by 0x25FF7F: run_matching (smbtorture.c:95)
==30597== by 0x2601DE: torture_run_named_tests (smbtorture.c:143)
==30597== by 0x261E5D: main (smbtorture.c:665)
==30597==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/raw/open.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
index fb8749d..c3cb484 100644
--- a/source4/torture/raw/open.c
+++ b/source4/torture/raw/open.c
@@ -1469,6 +1469,8 @@ static bool test_openx_over_dir(struct torture_context *tctx, struct smbcli_stat
int fnum = -1;
bool ret = true;
+ ZERO_STRUCT(io);
+
torture_assert(tctx, torture_setup_dir(cli, BASEDIR), "Failed to setup up test directory: " BASEDIR);
/* Create the Directory */
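Review bot: this is the same one-line ZERO_STRUCT(io) fix, in the same file (source4/torture/raw/open.c) and for the same writev report, as patch 13/32. The two could be a single commit whose message lists both tests, raw.open.chained-ntcreatex and raw.open.openx-over-dir, which would also shorten the series.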
--
2.1.4
From 707642f7bdc6bea7136a8013a47e6c2fc0ea78a2 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 16:34:06 +0100
Subject: [PATCH 15/32] s4:torture:raw: fix 'Syscall param writev(vector[...])'
valgrind error
running smbtorture test raw.streams.createdisp.createdisp results in
the following valgrind trace
==30946== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30946== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==30946== by 0x106CB033: writev_handler (async_sock.c:340)
==30946== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30946== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30946== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30946== by 0x5AE3400: smbcli_request_receive (rawrequest.c:416)
==30946== by 0x5AE343E: smbcli_request_simple_recv (rawrequest.c:430)
==30946== by 0x5ADC8BC: smb_raw_close (rawfile.c:847)
==30946== by 0x9BE60B4: smbcli_close (clifile.c:316)
==30946== by 0x209F0D: create_file_with_stream (streams.c:1502)
==30946== by 0x20A072: test_stream_create_disposition (streams.c:1527)
==30946== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30946== by 0x955368F: internal_torture_run_test (torture.c:442)
==30946== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30946== by 0x2600D6: run_matching (smbtorture.c:110)
==30946== by 0x25FF98: run_matching (smbtorture.c:95)
==30946== by 0x25FF98: run_matching (smbtorture.c:95)
==30946== by 0x2601F7: torture_run_named_tests (smbtorture.c:143)
==30946== by 0x261E76: main (smbtorture.c:665)
==30946== Address 0x187ebbc6 is 598 bytes inside a block of size 1,325 alloc'd
==30946== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30946== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30946== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30946== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==30946== by 0x5ADFAB7: smbcli_transport_setup_subreq (clitransport.c:254)
==30946== by 0x5ADFC37: smbcli_transport_send (clitransport.c:326)
==30946== by 0x5AE33C3: smbcli_request_send (rawrequest.c:400)
==30946== by 0x5ADC869: smb_raw_close_send (rawfile.c:832)
==30946== by 0x5ADC8AC: smb_raw_close (rawfile.c:846)
==30946== by 0x9BE60B4: smbcli_close (clifile.c:316)
==30946== by 0x209F0D: create_file_with_stream (streams.c:1502)
==30946== by 0x20A072: test_stream_create_disposition (streams.c:1527)
==30946== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==30946== by 0x955368F: internal_torture_run_test (torture.c:442)
==30946== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==30946== by 0x2600D6: run_matching (smbtorture.c:110)
==30946== by 0x25FF98: run_matching (smbtorture.c:95)
==30946== by 0x25FF98: run_matching (smbtorture.c:95)
==30946== by 0x2601F7: torture_run_named_tests (smbtorture.c:143)
==30946== by 0x261E76: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/raw/streams.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/raw/streams.c b/source4/torture/raw/streams.c
index 103a2c3..8c60d6c 100644
--- a/source4/torture/raw/streams.c
+++ b/source4/torture/raw/streams.c
@@ -1473,6 +1473,8 @@ static bool create_file_with_stream(struct torture_context *tctx,
bool ret = true;
union smb_open io;
+ ZERO_STRUCT(io);
+
/* Create a file with a stream */
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.root_fid.fnum = 0;
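Review bot: keep the explicit ZERO_STRUCT(io) statement here rather than converting it to a "= {0}" initialiser on the "union smb_open io;" declaration. A brace initialiser on a union initialises only its first member, so bytes outside that member, which io.ntcreatex below may use, are not guaranteed to be cleared, whereas ZERO_STRUCT clears the full object. The explicit "io.ntcreatex.in.root_fid.fnum = 0;" is now redundant but harmless.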
--
2.1.4
From 511721430fddf338df73a4c301f06ab3836e13c0 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 17:02:29 +0100
Subject: [PATCH 16/32] s4:torture:raw: fix 'use of uninitialised value of size
8' valgrind errors
smbtorture test raw.acls.create_file.create_file produces the following
valgrind trace
==31783== Use of uninitialised value of size 8
==31783== at 0xFB0B061: _itoa_word (in /lib64/libc-2.19.so)
==31783== by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==31783== by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==31783== by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==31783== by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==31783== by 0x3E591A: ndr_print_security_ace (ndr_security.c:539)
==31783== by 0x3E621A: ndr_print_security_acl (ndr_security.c:642)
==31783== by 0x3E7A3F: ndr_print_security_descriptor (ndr_security.c:890)
==31783== by 0xAEBB860: ndr_print_debug (ndr.c:409)
==31783== by 0x20C91F: verify_sd (acls.c:89)
==31783== by 0x20D8C3: test_nttrans_create_ext (acls.c:306)
==31783== by 0x20E3A8: test_nttrans_create_file (acls.c:381)
==31783== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==31783== by 0x955368F: internal_torture_run_test (torture.c:442)
==31783== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==31783== by 0x260108: run_matching (smbtorture.c:110)
==31783== by 0x25FFCA: run_matching (smbtorture.c:95)
==31783== by 0x25FFCA: run_matching (smbtorture.c:95)
==31783== by 0x260229: torture_run_named_tests (smbtorture.c:143)
==31783== by 0x261EA8: main (smbtorture.c:665)
==31783==
==31783== Conditional jump or move depends on uninitialised value(s)
==31783== at 0xFB0B068: _itoa_word (in /lib64/libc-2.19.so)
==31783== by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==31783== by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==31783== by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==31783== by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==31783== by 0x3E591A: ndr_print_security_ace (ndr_security.c:539)
==31783== by 0x3E621A: ndr_print_security_acl (ndr_security.c:642)
==31783== by 0x3E7A3F: ndr_print_security_descriptor (ndr_security.c:890)
==31783== by 0xAEBB860: ndr_print_debug (ndr.c:409)
==31783== by 0x20C91F: verify_sd (acls.c:89)
==31783== by 0x20D8C3: test_nttrans_create_ext (acls.c:306)
==31783== by 0x20E3A8: test_nttrans_create_file (acls.c:381)
==31783== by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==31783== by 0x955368F: internal_torture_run_test (torture.c:442)
==31783== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==31783== by 0x260108: run_matching (smbtorture.c:110)
==31783== by 0x25FFCA: run_matching (smbtorture.c:95)
==31783== by 0x25FFCA: run_matching (smbtorture.c:95)
==31783== by 0x260229: torture_run_named_tests (smbtorture.c:143)
==31783== by 0x261EA8: main (smbtorture.c:665)
==31783==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/raw/acls.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index 360d937..dfeb13d 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -238,6 +238,8 @@ static bool test_nttrans_create_ext(struct torture_context *tctx,
NTSTATUS (*delete_func)(struct smbcli_tree *, const char *) =
test_dir ? smbcli_rmdir : smbcli_unlink;
+ ZERO_STRUCT(ace);
+
if (!torture_setup_dir(cli, BASEDIR))
return false;
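Review bot: ZERO_STRUCT(ace) is placed ahead of the torture_setup_dir check and not beside the assignments that fill in the ACE, so a reader cannot tell which member was missing. The trace narrows it to a uint16 printed by ndr_print_security_ace (ndr_security.c:539) when verify_sd dumps the descriptor at acls.c:89; setting that member explicitly where the ACE is built, or at least naming it in the commit message, would make the fix self-explanatory.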
--
2.1.4
From 06d7166f24200155eab33e568ee9c15c3ada613e Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 17:37:57 +0100
Subject: [PATCH 17/32] s4:torture:raw: fix 'Conditional jump or move' valgrind
error.
smbtorture test raw.bench-tcon.bench-tcon produces the following valgrind
trace
==32163== Conditional jump or move depends on uninitialised value(s)
==32163== at 0x1F9D61: rate_convert_secs (tconrate.c:149)
==32163== by 0x1FA04C: torture_bench_treeconnect (tconrate.c:189)
==32163== by 0x9553F62: wrap_simple_test (torture.c:632)
==32163== by 0x955368F: internal_torture_run_test (torture.c:442)
==32163== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==32163== by 0x260121: run_matching (smbtorture.c:110)
==32163== by 0x25FFE3: run_matching (smbtorture.c:95)
==32163== by 0x260242: torture_run_named_tests (smbtorture.c:143)
==32163== by 0x261EC1: main (smbtorture.c:665)
==32163==
==32163== Use of uninitialised value of size 8
==32163== at 0xFB0B0BB: _itoa_word (in /lib64/libc-2.19.so)
==32163== by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==32163== by 0xFB15598: printf (in /lib64/libc-2.19.so)
==32163== by 0x1FA064: torture_bench_treeconnect (tconrate.c:188)
==32163== by 0x9553F62: wrap_simple_test (torture.c:632)
==32163== by 0x955368F: internal_torture_run_test (torture.c:442)
==32163== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==32163== by 0x260121: run_matching (smbtorture.c:110)
==32163== by 0x25FFE3: run_matching (smbtorture.c:95)
==32163== by 0x260242: torture_run_named_tests (smbtorture.c:143)
==32163== by 0x261EC1: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/raw/tconrate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c
index 6673f11..ae7d544 100644
--- a/source4/torture/raw/tconrate.c
+++ b/source4/torture/raw/tconrate.c
@@ -161,7 +161,7 @@ bool torture_bench_treeconnect(struct torture_context *tctx)
int nprocs = torture_setting_int(tctx, "nprocs", 4);
int *curr_counts = map_count_buffer(nprocs, sizeof(int));
- int *last_counts = talloc_array(NULL, int, nprocs);
+ int *last_counts = talloc_zero_array(NULL, int, nprocs);
struct timeval now, last, start;
int i, delta;
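Review bot: neither the old talloc_array nor the new talloc_zero_array(NULL, int, nprocs) result is checked in the lines shown, and nprocs comes straight from the "nprocs" test setting. If no check follows outside this hunk, add a torture_assert on last_counts (and on curr_counts) before the first use. The switch to the zeroing allocator itself is right: the reports at tconrate.c:149 and tconrate.c:188 are consistent with last_counts being read before anything has been stored in it.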
--
2.1.4
From 22dd069687d20af87657f26e5328896ca49f6dff Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 18:42:57 +0100
Subject: [PATCH 18/32] s4:torture:raw: fix 'Invalid read of size 1 &
Conditional jump or move' errors.
smbtorture test raw.offline.offline generates the following valgrind trace(s).
==5130== at 0x2223AF: loadfile_callback (offline.c:107)
==5130== by 0x5AF73E6: loadfile_handler (loadfile.c:208)
==5130== by 0x5ADFEE0: smbcli_request_done (clitransport.c:395)
==5130== by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0x223A16: torture_test_offline (offline.c:493)
==5130== by 0x9553F62: wrap_simple_test (torture.c:632)
==5130== by 0x955368F: internal_torture_run_test (torture.c:442)
==5130== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==5130== by 0x260121: run_matching (smbtorture.c:110)
==5130== by 0x25FFE3: run_matching (smbtorture.c:95)
==5130== by 0x260242: torture_run_named_tests (smbtorture.c:143)
==5130== by 0x261EC1: main (smbtorture.c:665)
==5130== Address 0x188b80d0 is 96 bytes inside a block of size 8,288 free'd
==5130== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5130== by 0xF4673A3: ??? (in /usr/lib64/libtalloc.so.2.1.5)
==5130== by 0xF460E42: _talloc_free (in /usr/lib64/libtalloc.so.2.1.5)
==5130== by 0x5AF7635: smb_composite_loadfile_recv (loadfile.c:278)
==5130== by 0x2222F7: loadfile_callback (offline.c:91)
==5130== by 0x5AF73E6: loadfile_handler (loadfile.c:208)
==5130== by 0x5ADFEE0: smbcli_request_done (clitransport.c:395)
==5130== by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==5130== by 0x223A16: torture_test_offline (offline.c:493)
==5130== by 0x9553F62: wrap_simple_test (torture.c:632)
==5130== by 0x955368F: internal_torture_run_test (torture.c:442)
==5130== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==5130== by 0x260121: run_matching (smbtorture.c:110)
==5130== by 0x25FFE3: run_matching (smbtorture.c:95)
==5130== by 0x260242: torture_run_named_tests (smbtorture.c:143)
==5130== by 0x261EC1: main (smbtorture.c:665)
==5130==
AND
==5428== Conditional jump or move depends on uninitialised value(s)
==5428== at 0x22270E: getoffline_callback (offline.c:197)
==5428== by 0x5ADFEE0: smbcli_request_done (clitransport.c:395)
==5428== by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26)
==5428== by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5428== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==5428== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==5428== by 0x223A1B: torture_test_offline (offline.c:494)
==5428== by 0x9553F62: wrap_simple_test (torture.c:632)
==5428== by 0x955368F: internal_torture_run_test (torture.c:442)
==5428== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==5428== by 0x260126: run_matching (smbtorture.c:110)
==5428== by 0x25FFE8: run_matching (smbtorture.c:95)
==5428== by 0x260247: torture_run_named_tests (smbtorture.c:143)
==5428== by 0x261EC6: main (smbtorture.c:665)
==5428==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/raw/offline.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source4/torture/raw/offline.c b/source4/torture/raw/offline.c
index 85b1235..9391b09 100644
--- a/source4/torture/raw/offline.c
+++ b/source4/torture/raw/offline.c
@@ -93,6 +93,7 @@ static void loadfile_callback(struct composite_context *ctx)
printf("Failed to read file '%s' - %s\n",
state->loadfile->in.fname, nt_errstr(status));
test_failed++;
+ return;
}
/* check the data is correct */
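Review bot: the added "return;" in the failure branch stops the read of freed memory that the trace describes (the block freed through smb_composite_loadfile_recv at offline.c:91 was read again at offline.c:107), but it also skips everything that follows the data check. If the rest of loadfile_callback releases per-operation state or schedules the next operation, the failure path needs that too, and a goto to a shared cleanup label would cover both paths.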
@@ -184,6 +185,8 @@ static void getoffline_callback(struct smbcli_request *req)
NTSTATUS status;
union smb_fileinfo io;
+ ZERO_STRUCT(io);
+
io.getattr.level = RAW_FILEINFO_GETATTR;
status = smb_raw_pathinfo_recv(req, state->mem_ctx, &io);
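Review bot: ZERO_STRUCT(io) only helps when smb_raw_pathinfo_recv returns without filling io, in which case the branch at offline.c:197 now tests all-zero output instead of garbage and the failure is still not handled. The first hunk of this patch fixes the same kind of fall-through in loadfile_callback with an early "return;"; if getoffline_callback also continues after a non-OK status, returning there is the fix and the ZERO_STRUCT becomes optional hardening.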
--
2.1.4
From 19c34097dcf36b5b863d71f4e291dc259bde3bdd Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 19:12:27 +0100
Subject: [PATCH 19/32] s4:torture:smb2: fix Use of 'uninitialised value of
size 8' valgrind error.
smbtorture test smb2.create.aclfile.aclfile produces the following
valgrind trace
==6025== Use of uninitialised value of size 8
==6025== at 0xFB0B061: _itoa_word (in /lib64/libc-2.19.so)
==6025== by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==6025== by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==6025== by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==6025== by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==6025== by 0x3E5951: ndr_print_security_ace (ndr_security.c:539)
==6025== by 0x3E6251: ndr_print_security_acl (ndr_security.c:642)
==6025== by 0x3E7A76: ndr_print_security_descriptor (ndr_security.c:890)
==6025== by 0xAEBB860: ndr_print_debug (ndr.c:409)
==6025== by 0x45FCB6: smb2_util_verify_sd (util.c:598)
==6025== by 0x502246: test_create_acl_ext (create.c:634)
==6025== by 0x506E13: test_create_acl_file (create.c:1232)
==6025== by 0x48B420: wrap_simple_1smb2_test (smb2.c:52)
==6025== by 0x955368F: internal_torture_run_test (torture.c:442)
==6025== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6025== by 0x26013F: run_matching (smbtorture.c:110)
==6025== by 0x260001: run_matching (smbtorture.c:95)
==6025== by 0x260001: run_matching (smbtorture.c:95)
==6025== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6025== by 0x261EDF: main (smbtorture.c:665)
==6025==
==6025== Conditional jump or move depends on uninitialised value(s)
==6025== at 0xFB0B068: _itoa_word (in /lib64/libc-2.19.so)
==6025== by 0xFB0EAD2: vfprintf (in /lib64/libc-2.19.so)
==6025== by 0xFB36712: vasprintf (in /lib64/libc-2.19.so)
==6025== by 0xAEBB348: ndr_print_debug_helper (ndr.c:314)
==6025== by 0xAEB8ED1: ndr_print_uint16 (ndr_basic.c:1055)
==6025== by 0x3E5951: ndr_print_security_ace (ndr_security.c:539)
==6025== by 0x3E6251: ndr_print_security_acl (ndr_security.c:642)
==6025== by 0x3E7A76: ndr_print_security_descriptor (ndr_security.c:890)
==6025== by 0xAEBB860: ndr_print_debug (ndr.c:409)
==6025== by 0x45FCB6: smb2_util_verify_sd (util.c:598)
==6025== by 0x502246: test_create_acl_ext (create.c:634)
==6025== by 0x506E13: test_create_acl_file (create.c:1232)
==6025== by 0x48B420: wrap_simple_1smb2_test (smb2.c:52)
==6025== by 0x955368F: internal_torture_run_test (torture.c:442)
==6025== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6025== by 0x26013F: run_matching (smbtorture.c:110)
==6025== by 0x260001: run_matching (smbtorture.c:95)
==6025== by 0x260001: run_matching (smbtorture.c:95)
==6025== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6025== by 0x261EDF: main (smbtorture.c:665)
==6025==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/create.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 1275aa8..7e6be8d 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -578,6 +578,8 @@ static bool test_create_acl_ext(struct torture_context *tctx, struct smb2_tree *
NTSTATUS (*delete_func)(struct smb2_tree *, const char *) =
test_dir ? smb2_util_rmdir : smb2_util_unlink;
+ ZERO_STRUCT(ace);
+
smb2_deltree(tree, FNAME);
ZERO_STRUCT(io);
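Review bot: the context already has ZERO_STRUCT(io) two lines below, after "smb2_deltree(tree, FNAME);", so the new ZERO_STRUCT(ace) would read better grouped with it than as a separate block above the deltree call. The trace is the same ndr_print_security_ace report as in patch 16/32 (raw.acls), so the unset ace member is likely the same in both tests and could be named in both commit messages.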
--
2.1.4
From 9ce7ef2aedd691baf05d2c3711c84cab1eb26b82 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 19:49:02 +0100
Subject: [PATCH 20/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture test smb2.notify.mask.mask
==6451== Use of uninitialised value of size 8
==6451== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==6451== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==6451== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==6451== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==6451== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==6451== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==6451== by 0x5B030F3: smb2_close_send (close.c:42)
==6451== by 0x5B0358A: smb2_close (close.c:78)
==6451== by 0x5B087B3: smb2_util_close (util.c:40)
==6451== by 0x483E97: torture_smb2_notify_mask (notify.c:1061)
==6451== by 0x48B783: wrap_simple_2smb2_test (smb2.c:112)
==6451== by 0x955368F: internal_torture_run_test (torture.c:442)
==6451== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6451== by 0x26013F: run_matching (smbtorture.c:110)
==6451== by 0x260001: run_matching (smbtorture.c:95)
==6451== by 0x260001: run_matching (smbtorture.c:95)
==6451== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6451== by 0x261EDF: main (smbtorture.c:665)
==6451==
==6451== Use of uninitialised value of size 8
==6451== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==6451== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==6451== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==6451== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==6451== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==6451== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==6451== by 0x5B030F3: smb2_close_send (close.c:42)
==6451== by 0x5B0358A: smb2_close (close.c:78)
==6451== by 0x5B087B3: smb2_util_close (util.c:40)
==6451== by 0x483E97: torture_smb2_notify_mask (notify.c:1061)
==6451== by 0x48B783: wrap_simple_2smb2_test (smb2.c:112)
==6451== by 0x955368F: internal_torture_run_test (torture.c:442)
==6451== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==6451== by 0x26013F: run_matching (smbtorture.c:110)
==6451== by 0x260001: run_matching (smbtorture.c:95)
==6451== by 0x260001: run_matching (smbtorture.c:95)
==6451== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==6451== by 0x261EDF: main (smbtorture.c:665)
==6451==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/notify.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
index b804ebc..e045f25 100644
--- a/source4/torture/smb2/notify.c
+++ b/source4/torture/smb2/notify.c
@@ -866,6 +866,8 @@ static bool torture_smb2_notify_mask(struct torture_context *torture,
torture_comment(torture, "TESTING CHANGE NOTIFY COMPLETION FILTERS\n");
+ ZERO_STRUCT(h1);
+ ZERO_STRUCT(h2);
/*
get a handle on the directory
*/
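Review bot: Zeroing h1 and h2 at the top of torture_smb2_notify_mask silences valgrind but may leave the underlying problem in place. The trace in the commit message shows the uninitialised bytes being signed for an smb2_util_close issued from notify.c:1061, which suggests a handle is closed there without ever having been assigned. With this change that close is still sent, now for an all-zero handle. Consider guarding the close at notify.c:1061 so it only runs for a handle that was actually opened, and keep the ZERO_STRUCT calls as a safety net. A blank line between ZERO_STRUCT(h2); and the comment that follows would also match the other hunks in this series.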
--
2.1.4
From 590bcb3a3f9693627423be7e9d644274930337ce Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Mon, 18 Apr 2016 20:28:32 +0100
Subject: [PATCH 21/32] s4:torture:smb2 fix 'Use of uninitialised value of size
8' valgrind error.
smbtorture test smb2.oplock.batch10.batch10 produces the following
valgrind trace
Use of uninitialised value of size 8
==9662== at 0x8F005A1: _samba_rijndaelEncrypt (rijndael-alg-fst.c:956)
==9662== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==9662== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==9662== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==9662== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==9662== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==9662== by 0x5B04C89: smb2_write_send (write.c:49)
==9662== by 0x5B04F85: smb2_write (write.c:79)
==9662== by 0x4AD523: test_smb2_oplock_batch10 (oplock.c:1820)
==9662== by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==9662== by 0x955368F: internal_torture_run_test (torture.c:442)
==9662== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==9662== by 0x26013F: run_matching (smbtorture.c:110)
==9662== by 0x260001: run_matching (smbtorture.c:95)
==9662== by 0x260001: run_matching (smbtorture.c:95)
==9662== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==9662== by 0x261EDF: main (smbtorture.c:665)
==9662==
==9662== Use of uninitialised value of size 8
==9662== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==9662== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==9662== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==9662== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==9662== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==9662== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==9662== by 0x5B04C89: smb2_write_send (write.c:49)
==9662== by 0x5B04F85: smb2_write (write.c:79)
==9662== by 0x4AD523: test_smb2_oplock_batch10 (oplock.c:1820)
==9662== by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==9662== by 0x955368F: internal_torture_run_test (torture.c:442)
==9662== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==9662== by 0x26013F: run_matching (smbtorture.c:110)
==9662== by 0x260001: run_matching (smbtorture.c:95)
==9662== by 0x260001: run_matching (smbtorture.c:95)
==9662== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==9662== by 0x261EDF: main (smbtorture.c:665)
==9662==
Please enter the commit message for your changes. Lines starting
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/oplock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index fdd29c3..7071779 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -1811,7 +1811,7 @@ static bool test_smb2_oplock_batch10(struct torture_context *tctx,
{
struct smb2_write wr;
DATA_BLOB data;
- data = data_blob_talloc(tree1, NULL, UINT16_MAX);
+ data = data_blob_talloc_zero(tree1, UINT16_MAX);
data.data[0] = (const uint8_t)'x';
ZERO_STRUCT(wr);
wr.in.file.handle = h1;
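Review bot: The result of data_blob_talloc_zero(tree1, UINT16_MAX) is dereferenced on the very next line (data.data[0] = ...) with no check that the allocation succeeded. The old data_blob_talloc call had the same gap, but since the line is being touched anyway, a check that data.data is not NULL (for example with torture_assert) before the write would close it. Separately, the commit message still carries the git editor template line "Please enter the commit message for your changes. Lines starting", which should be dropped before this is pushed.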
--
2.1.4
From 982f8af1400138c21aad2f454899a97b77750b6e Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 09:53:50 +0100
Subject: [PATCH 22/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture smb2.oplock.brl1.brl1 generates the following valgrind trace
==16002== Use of uninitialised value of size 8
==16002== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16002== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16002== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16002== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16002== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16002== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16002== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16002== by 0x5B07AAE: smb2_lock (lock.c:80)
==16002== by 0x4B50D8: test_smb2_oplock_brl1 (oplock.c:3352)
==16002== by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==16002== by 0x955368F: internal_torture_run_test (torture.c:442)
==16002== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16002== by 0x26013F: run_matching (smbtorture.c:110)
==16002== by 0x260001: run_matching (smbtorture.c:95)
==16002== by 0x260001: run_matching (smbtorture.c:95)
==16002== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16002== by 0x261EDF: main (smbtorture.c:665)
==16002==
==16002== Use of uninitialised value of size 8
==16002== at 0x8F00649: _samba_rijndaelEncrypt (rijndael-alg-fst.c:963)
==16002== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16002== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16002== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16002== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16002== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16002== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16002== by 0x5B07AAE: smb2_lock (lock.c:80)
==16002== by 0x4B50D8: test_smb2_oplock_brl1 (oplock.c:3352)
==16002== by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==16002== by 0x955368F: internal_torture_run_test (torture.c:442)
==16002== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16002== by 0x26013F: run_matching (smbtorture.c:110)
==16002== by 0x260001: run_matching (smbtorture.c:95)
==16002== by 0x260001: run_matching (smbtorture.c:95)
==16002== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16002== by 0x261EDF: main (smbtorture.c:665)
==16002==
==16002== Use of uninitialised value of size 8
==16002== at 0x8F006AF: _samba_rijndaelEncrypt (rijndael-alg-fst.c:968)
==16002== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16002== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16002== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16002== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16002== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16002== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16002== by 0x5B07AAE: smb2_lock (lock.c:80)
==16002== by 0x4B50D8: test_smb2_oplock_brl1 (oplock.c:3352)
==16002== by 0x48B7B5: wrap_simple_2smb2_test (smb2.c:112)
==16002== by 0x955368F: internal_torture_run_test (torture.c:442)
==16002== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16002== by 0x26013F: run_matching (smbtorture.c:110)
==16002== by 0x260001: run_matching (smbtorture.c:95)
==16002== by 0x260001: run_matching (smbtorture.c:95)
==16002== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16002== by 0x261EDF: main (smbtorture.c:665)
==16002==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/oplock.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 7071779..165c4d7 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -3339,6 +3339,9 @@ static bool test_smb2_oplock_brl1(struct torture_context *tctx,
ZERO_STRUCT(break_info);
torture_comment(tctx, "a self BRL acquisition should break to none\n");
+
+ ZERO_STRUCT(lock);
+
lock[0].offset = 0;
lock[0].length = 4;
lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
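Review bot: lock is indexed as lock[0] in the lines right after the new ZERO_STRUCT(lock), so it is an array (or a pointer) rather than a single struct, and its declaration is not visible in this hunk. ZERO_STRUCT clears the whole variable only as long as lock is a true array; if it were a pointer, the macro would clear just the pointer itself. ZERO_ARRAY(lock) would state the intent for an array, or the array could be initialised in its declaration.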
--
2.1.4
From 57b3d1a1aba0e2d15c25494e2776810028781c77 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:07:21 +0100
Subject: [PATCH 23/32] s4:torture:smb2 fix 'Use of uninitialised value of size
8' valgrind error.
smbtorture test smb2.oplock.brl2.brl2 generates the following
valgrind trace
==16443== Use of uninitialised value of size 8
==16443== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16443== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16443== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16443== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16443== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16443== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16443== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16443== by 0x5B07AAE: smb2_lock (lock.c:80)
==16443== by 0x4B5971: test_smb2_oplock_brl2 (oplock.c:3464)
==16443== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16443== by 0x955368F: internal_torture_run_test (torture.c:442)
==16443== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16443== by 0x26013F: run_matching (smbtorture.c:110)
==16443== by 0x260001: run_matching (smbtorture.c:95)
==16443== by 0x260001: run_matching (smbtorture.c:95)
==16443== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16443== by 0x261EDF: main (smbtorture.c:665)
==16443==
==16443== Use of uninitialised value of size 8
==16443== at 0x8F00649: _samba_rijndaelEncrypt (rijndael-alg-fst.c:963)
==16443== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16443== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16443== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16443== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16443== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16443== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16443== by 0x5B07AAE: smb2_lock (lock.c:80)
==16443== by 0x4B5971: test_smb2_oplock_brl2 (oplock.c:3464)
==16443== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16443== by 0x955368F: internal_torture_run_test (torture.c:442)
==16443== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16443== by 0x26013F: run_matching (smbtorture.c:110)
==16443== by 0x260001: run_matching (smbtorture.c:95)
==16443== by 0x260001: run_matching (smbtorture.c:95)
==16443== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16443== by 0x261EDF: main (smbtorture.c:665)
==16443==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/oplock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 165c4d7..e156dc6 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -3451,6 +3451,8 @@ static bool test_smb2_oplock_brl2(struct torture_context *tctx, struct smb2_tree
torture_comment(tctx, "a self BRL acquisition should not break to "
"none\n");
+ ZERO_STRUCT(lock);
+
lock[0].offset = 0;
lock[0].length = 4;
lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
--
2.1.4
From e8379e1b6fbbeca315545ff7c94640085eb731b4 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:11:16 +0100
Subject: [PATCH 24/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error
smbtorture test smb2.oplock.brl3.brl3 generated the following valgrind
trace
==16564== Use of uninitialised value of size 8
==16564== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16564== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16564== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16564== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16564== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16564== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16564== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16564== by 0x5B07AAE: smb2_lock (lock.c:80)
==16564== by 0x4B62B1: test_smb2_oplock_brl3 (oplock.c:3578)
==16564== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16564== by 0x955368F: internal_torture_run_test (torture.c:442)
==16564== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16564== by 0x26013F: run_matching (smbtorture.c:110)
==16564== by 0x260001: run_matching (smbtorture.c:95)
==16564== by 0x260001: run_matching (smbtorture.c:95)
==16564== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16564== by 0x261EDF: main (smbtorture.c:665)
==16564==
==16564== Use of uninitialised value of size 8
==16564== at 0x8F00649: _samba_rijndaelEncrypt (rijndael-alg-fst.c:963)
==16564== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16564== by 0x8F01BB2: aes_cmac_128_final (aes_cmac_128.c:179)
==16564== by 0xB0D11E5: smb2_signing_sign_pdu (smb2_signing.c:78)
==16564== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16564== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16564== by 0x5B078DF: smb2_lock_send (lock.c:52)
==16564== by 0x5B07AAE: smb2_lock (lock.c:80)
==16564== by 0x4B62B1: test_smb2_oplock_brl3 (oplock.c:3578)
==16564== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16564== by 0x955368F: internal_torture_run_test (torture.c:442)
==16564== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16564== by 0x26013F: run_matching (smbtorture.c:110)
==16564== by 0x260001: run_matching (smbtorture.c:95)
==16564== by 0x260001: run_matching (smbtorture.c:95)
==16564== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16564== by 0x261EDF: main (smbtorture.c:665)
==16564==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/oplock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index e156dc6..ead341d 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -3565,6 +3565,8 @@ static bool test_smb2_oplock_brl3(struct torture_context *tctx, struct smb2_tree
torture_comment(tctx, "a self BRL acquisition should break to none\n");
+ ZERO_STRUCT(lock);
+
lock[0].offset = 0;
lock[0].length = 4;
lock[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE |
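Review bot: The three members assigned right after the new ZERO_STRUCT(lock) (lock[0].offset, lock[0].length and lock[0].flags) were already being set before this patch, so the bytes valgrind flags must belong to a member that is never assigned, or to padding. The commit message should name it, since the same unexplained ZERO_STRUCT(lock) also appears in patches 22 and 23. If it is a single member, assigning it explicitly next to the other three would document the lock request better than clearing the whole variable.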
--
2.1.4
From 9ce20b838ae4cf94f053a3e84afcc28cf87fa2c1 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:22:37 +0100
Subject: [PATCH 25/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture test smb2.streams.io.io generates the following valgrind trace
==16652== Use of uninitialised value of size 8
==16652== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==16652== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16652== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16652== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16652== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16652== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16652== by 0x5B030F3: smb2_close_send (close.c:42)
==16652== by 0x5B0358A: smb2_close (close.c:78)
==16652== by 0x5B087B3: smb2_util_close (util.c:40)
==16652== by 0x51AF21: test_stream_io (streams.c:480)
==16652== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16652== by 0x955368F: internal_torture_run_test (torture.c:442)
==16652== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16652== by 0x26013F: run_matching (smbtorture.c:110)
==16652== by 0x260001: run_matching (smbtorture.c:95)
==16652== by 0x260001: run_matching (smbtorture.c:95)
==16652== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16652== by 0x261EDF: main (smbtorture.c:665)
==16652==
==16652== Use of uninitialised value of size 8
==16652== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16652== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16652== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16652== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16652== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16652== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16652== by 0x5B030F3: smb2_close_send (close.c:42)
==16652== by 0x5B0358A: smb2_close (close.c:78)
==16652== by 0x5B087B3: smb2_util_close (util.c:40)
==16652== by 0x51AF21: test_stream_io (streams.c:480)
==16652== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16652== by 0x955368F: internal_torture_run_test (torture.c:442)
==16652== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16652== by 0x26013F: run_matching (smbtorture.c:110)
==16652== by 0x260001: run_matching (smbtorture.c:95)
==16652== by 0x260001: run_matching (smbtorture.c:95)
==16652== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16652== by 0x261EDF: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/streams.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index d9098af..14e5288 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -318,6 +318,9 @@ static bool test_stream_io(struct torture_context *tctx,
const char *three[] = { "::$DATA", ":Stream One:$DATA",
":Second Stream:$DATA" };
+ ZERO_STRUCT(h);
+ ZERO_STRUCT(h2);
+
sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
"Second Stream");
--
2.1.4
From f1d9ff915b7e1c7e3ac653cc9ee7acdbb510958d Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:32:48 +0100
Subject: [PATCH 26/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture test smb2.streams.sharemodes.sharemodes generates the following valgrind
trace
==16980== Use of uninitialised value of size 8
==16980== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==16980== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16980== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16980== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16980== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16980== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16980== by 0x5B030F3: smb2_close_send (close.c:42)
==16980== by 0x5B0358A: smb2_close (close.c:78)
==16980== by 0x5B087B3: smb2_util_close (util.c:40)
==16980== by 0x51B4F3: test_stream_sharemodes (streams.c:557)
==16980== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16980== by 0x955368F: internal_torture_run_test (torture.c:442)
==16980== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16980== by 0x26013F: run_matching (smbtorture.c:110)
==16980== by 0x260001: run_matching (smbtorture.c:95)
==16980== by 0x260001: run_matching (smbtorture.c:95)
==16980== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16980== by 0x261EDF: main (smbtorture.c:665)
==16980==
==16980== Use of uninitialised value of size 8
==16980== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==16980== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==16980== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==16980== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==16980== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==16980== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==16980== by 0x5B030F3: smb2_close_send (close.c:42)
==16980== by 0x5B0358A: smb2_close (close.c:78)
==16980== by 0x5B087B3: smb2_util_close (util.c:40)
==16980== by 0x51B4F3: test_stream_sharemodes (streams.c:557)
==16980== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==16980== by 0x955368F: internal_torture_run_test (torture.c:442)
==16980== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==16980== by 0x26013F: run_matching (smbtorture.c:110)
==16980== by 0x260001: run_matching (smbtorture.c:95)
==16980== by 0x260001: run_matching (smbtorture.c:95)
==16980== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==16980== by 0x261EDF: main (smbtorture.c:665)
==16980==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/streams.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index 14e5288..f2c5799 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -574,6 +574,10 @@ static bool test_stream_sharemodes(struct torture_context *tctx,
bool ret = true;
struct smb2_handle h, h1, h2;
+ ZERO_STRUCT(h);
+ ZERO_STRUCT(h1);
+ ZERO_STRUCT(h2);
+
sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "Stream One");
sname2 = talloc_asprintf(mem_ctx, "%s:%s:$DaTa", fname,
"Second Stream");
--
2.1.4
From 40a8af4928eca054b1854234e50c21a9edfd4788 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 10:48:39 +0100
Subject: [PATCH 27/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture test smb2.streams.names.names generated the following
valgrind trace.
(../source4/torture/smb2/streams.c:791) testing stream names
==17238== Use of uninitialised value of size 8
==17238== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17238== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17238== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17238== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17238== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17238== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17238== by 0x5B030F3: smb2_close_send (close.c:42)
==17238== by 0x5B0358A: smb2_close (close.c:78)
==17238== by 0x5B087B3: smb2_util_close (util.c:40)
==17238== by 0x51E480: test_stream_names (streams.c:1053)
==17238== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17238== by 0x955368F: internal_torture_run_test (torture.c:442)
==17238== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17238== by 0x26013F: run_matching (smbtorture.c:110)
==17238== by 0x260001: run_matching (smbtorture.c:95)
==17238== by 0x260001: run_matching (smbtorture.c:95)
==17238== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17238== by 0x261EDF: main (smbtorture.c:665)
==17238==
==17238== Use of uninitialised value of size 8
==17238== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17238== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17238== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17238== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17238== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17238== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17238== by 0x5B030F3: smb2_close_send (close.c:42)
==17238== by 0x5B0358A: smb2_close (close.c:78)
==17238== by 0x5B087B3: smb2_util_close (util.c:40)
==17238== by 0x51E480: test_stream_names (streams.c:1053)
==17238== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17238== by 0x955368F: internal_torture_run_test (torture.c:442)
==17238== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17238== by 0x26013F: run_matching (smbtorture.c:110)
==17238== by 0x260001: run_matching (smbtorture.c:95)
==17238== by 0x260001: run_matching (smbtorture.c:95)
==17238== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17238== by 0x261EDF: main (smbtorture.c:665)
==17238==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/streams.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index f2c5799..449dd50 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -841,6 +841,11 @@ static bool test_stream_names(struct torture_context *tctx,
":?Stream*:$DATA"
};
+ ZERO_STRUCT(h);
+ ZERO_STRUCT(h1);
+ ZERO_STRUCT(h2);
+ ZERO_STRUCT(h3);
+
sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname, "\x05Stream\n One");
sname1b = talloc_asprintf(mem_ctx, "%s:", sname1);
sname1c = talloc_asprintf(mem_ctx, "%s:$FOO", sname1);
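Review bot: Four handles (h, h1, h2, h3) are cleared here, but the trace in the commit message points at a single smb2_util_close call at streams.c:1053. The commit message should say which handle reaches that close unset and on which path, so a reviewer can tell whether the other three ZERO_STRUCT calls fix anything or are only defensive.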
--
2.1.4
From 5dccb012dd7cb44fcdd51852057ac21828016a92 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:00:25 +0100
Subject: [PATCH 28/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture test smb2.streams.rename2.rename2 generates the following valgrind
trace
==17379== Use of uninitialised value of size 8
==17379== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17379== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17379== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17379== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17379== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17379== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17379== by 0x5B030F3: smb2_close_send (close.c:42)
==17379== by 0x5B0358A: smb2_close (close.c:78)
==17379== by 0x5B087B3: smb2_util_close (util.c:40)
==17379== by 0x51FBA7: test_stream_rename2 (streams.c:1381)
==17379== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17379== by 0x955368F: internal_torture_run_test (torture.c:442)
==17379== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17379== by 0x26013F: run_matching (smbtorture.c:110)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17379== by 0x261EDF: main (smbtorture.c:665)
==17379==
==17379== Use of uninitialised value of size 8
==17379== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17379== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17379== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17379== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17379== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17379== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17379== by 0x5B030F3: smb2_close_send (close.c:42)
==17379== by 0x5B0358A: smb2_close (close.c:78)
==17379== by 0x5B087B3: smb2_util_close (util.c:40)
==17379== by 0x51FBA7: test_stream_rename2 (streams.c:1381)
==17379== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17379== by 0x955368F: internal_torture_run_test (torture.c:442)
==17379== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17379== by 0x26013F: run_matching (smbtorture.c:110)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17379== by 0x261EDF: main (smbtorture.c:665)
==17379==
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/streams.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index 449dd50..8aa4b1a 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -1334,6 +1334,9 @@ static bool test_stream_rename2(struct torture_context *tctx,
struct smb2_handle h, h1;
union smb_setfileinfo sinfo;
+ ZERO_STRUCT(h);
+ ZERO_STRUCT(h1);
+
sname1 = talloc_asprintf(mem_ctx, "%s:%s", fname1, "Stream One");
sname2 = talloc_asprintf(mem_ctx, "%s:%s", fname1, "Stream Two");
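Review bot: The declaration struct smb2_handle h, h1; is the first context line of this hunk, so the two added ZERO_STRUCT calls could be folded into it as initialisers (= {0} on each declarator). That removes the window between declaration and clearing and saves the extra statements. The same applies to the other smb2_handle locals cleared in patches 25 to 29.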
--
2.1.4
From 1107564ce15932a8d8f5bee31fc1fe186ded7335 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:26:03 +0100
Subject: [PATCH 29/32] s4:torture:smb2: fix 'Use of uninitialised value of
size 8' valgrind error.
smbtorture test smb2.streams.attributes.attributes generates the following
valgrind trace,
==17997== Use of uninitialised value of size 8
==17997== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17997== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17997== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17997== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17997== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17997== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17997== by 0x5B030F3: smb2_close_send (close.c:42)
==17997== by 0x5B0358A: smb2_close (close.c:78)
==17997== by 0x5B087B3: smb2_util_close (util.c:40)
==17997== by 0x521457: test_stream_attributes (streams.c:1750)
==17997== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17997== by 0x955368F: internal_torture_run_test (torture.c:442)
==17997== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17997== by 0x26013F: run_matching (smbtorture.c:110)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17997== by 0x261EDF: main (smbtorture.c:665)
==17997==
==17997== Use of uninitialised value of size 8
==17997== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17997== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17997== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17997== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17997== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17997== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17997== by 0x5B030F3: smb2_close_send (close.c:42)
==17997== by 0x5B0358A: smb2_close (close.c:78)
==17997== by 0x5B087B3: smb2_util_close (util.c:40)
==17997== by 0x521457: test_stream_attributes (streams.c:1750)
==17997== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17997== by 0x955368F: internal_torture_run_test (torture.c:442)
==17997== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17997== by 0x26013F: run_matching (smbtorture.c:110)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17997== by 0x261EDF: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/smb2/streams.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
index 8aa4b1a..8c3f161 100644
--- a/source4/torture/smb2/streams.c
+++ b/source4/torture/smb2/streams.c
@@ -1685,6 +1685,9 @@ static bool test_stream_attributes(struct torture_context *tctx,
union smb_setfileinfo sfinfo;
time_t basetime = (time(NULL) - 86400) & ~1;
+ ZERO_STRUCT(h);
+ ZERO_STRUCT(h1);
+
torture_comment(tctx, "(%s) testing attribute setting on stream\n",
__location__);
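Review bot: The two ZERO_STRUCT() calls on h and h1 make the handle bytes defined, but the trace in the commit message shows smb2_util_close() being reached from test_stream_attributes (streams.c:1750) with handle data that no create ever filled in. With this change that path still submits a signed close, now for an all-zero handle. Please either guard that close so it only runs for a handle the test actually opened, or state in the commit message that closing a zero handle on the failure path is intended. The message should also say which of h and h1 was the one valgrind flagged. As a style point, initialising both at their declarations would avoid the extra statements and the added blank line.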
--
2.1.4
From 29a7aaabe47ba4b646e0c476e655c5ac1c242380 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:46:24 +0100
Subject: [PATCH 30/32] s4:torture:libnet: fix 'Conditional jump or move'
valgrind error
smbtorture test net.domopen.domopen generated the following valgrind
trace.
==29054== Conditional jump or move depends on uninitialised value(s)
==29054== at 0x9788D31: libnet_DomainOpen_send (libnet_domain.c:617)
==29054== by 0x9788E01: libnet_DomainOpen (libnet_domain.c:676)
==29054== by 0x595F5D: test_domainopen (domain.c:41)
==29054== by 0x5961AD: torture_domainopen (domain.c:101)
==29054== by 0x9553F62: wrap_simple_test (torture.c:632)
==29054== by 0x955368F: internal_torture_run_test (torture.c:442)
==29054== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29054== by 0x26013F: run_matching (smbtorture.c:110)
==29054== by 0x260001: run_matching (smbtorture.c:95)
==29054== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29054== by 0x261EDF: main (smbtorture.c:665)
==29054==
==29054== Conditional jump or move depends on uninitialised value(s)
==29054== at 0x9788D95: libnet_DomainOpen_recv (libnet_domain.c:648)
==29054== by 0x9788E1D: libnet_DomainOpen (libnet_domain.c:677)
==29054== by 0x595F5D: test_domainopen (domain.c:41)
==29054== by 0x5961AD: torture_domainopen (domain.c:101)
==29054== by 0x9553F62: wrap_simple_test (torture.c:632)
==29054== by 0x955368F: internal_torture_run_test (torture.c:442)
==29054== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29054== by 0x26013F: run_matching (smbtorture.c:110)
==29054== by 0x260001: run_matching (smbtorture.c:95)
==29054== by 0x260260: torture_run_named_tests (smbtorture.c:143)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/libnet/domain.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/torture/libnet/domain.c b/source4/torture/libnet/domain.c
index 71753de..c1cfc91 100644
--- a/source4/torture/libnet/domain.c
+++ b/source4/torture/libnet/domain.c
@@ -33,6 +33,8 @@ static bool test_domainopen(struct torture_context *tctx,
NTSTATUS status;
struct libnet_DomainOpen io;
+ ZERO_STRUCT(io);
+
torture_comment(tctx, "opening domain\n");
io.in.domain_name = talloc_strdup(mem_ctx, domname->string);
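Review bot: ZERO_STRUCT(io) fixes the warning only by giving an implicit value of 0 to whichever io.in member libnet_DomainOpen_send() branches on at libnet_domain.c:617 (and the matching check in libnet_DomainOpen_recv() at line 648), and the commit message never names that member. The test should set it explicitly next to io.in.domain_name so that what is being opened does not depend on what 0 happens to mean for that field, and the commit message should name the field. Keeping the ZERO_STRUCT() as a safety net for the remaining members is fine.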
--
2.1.4
From 53f8b6ed00d20cc52e3bb813de1090a46ad3b675 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 11:57:46 +0100
Subject: [PATCH 31/32] s4:torture:libnet: fix 'Syscall param
writev(vector[...])' valgrind error
smbtorture test net.api.delshare.api.delshare generates the following
valgrind trace
==29209== Syscall param writev(vector[...]) points to uninitialised byte(s)
==29209== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==29209== by 0x106CB033: writev_handler (async_sock.c:340)
==29209== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==29209== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==29209== by 0xBC6B4A1: dcerpc_srvsvc_NetShareAdd_r (ndr_srvsvc_c.c:3327)
==29209== by 0x5990D8: test_addshare (libnet_share.c:194)
==29209== by 0x5992D5: torture_delshare (libnet_share.c:228)
==29209== by 0x9553F62: wrap_simple_test (torture.c:632)
==29209== by 0x955368F: internal_torture_run_test (torture.c:442)
==29209== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29209== by 0x26013F: run_matching (smbtorture.c:110)
==29209== by 0x260001: run_matching (smbtorture.c:95)
==29209== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29209== by 0x261EDF: main (smbtorture.c:665)
==29209== Address 0x1887fd16 is 598 bytes inside a block of size 1,325 alloc'd
==29209== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29209== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==29209== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==29209== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==29209== by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==29209== by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==29209== by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==29209== by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==29209== by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==29209== by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==29209== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==29209== by 0xBC6B4A1: dcerpc_srvsvc_NetShareAdd_r (ndr_srvsvc_c.c:3327)
==29209== by 0x5990D8: test_addshare (libnet_share.c:194)
==29209== by 0x5992D5: torture_delshare (libnet_share.c:228)
==29209== by 0x9553F62: wrap_simple_test (torture.c:632)
==29209== by 0x955368F: internal_torture_run_test (torture.c:442)
==29209== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29209== by 0x26013F: run_matching (smbtorture.c:110)
==29209== by 0x260001: run_matching (smbtorture.c:95)
==29209== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29209== by 0x261EDF: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/libnet/libnet_share.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/source4/torture/libnet/libnet_share.c b/source4/torture/libnet/libnet_share.c
index b9e969f..3c50883 100644
--- a/source4/torture/libnet/libnet_share.c
+++ b/source4/torture/libnet/libnet_share.c
@@ -176,6 +176,10 @@ static bool test_addshare(struct torture_context *tctx,
union srvsvc_NetShareInfo info;
struct srvsvc_NetShareInfo2 i;
+ ZERO_STRUCT(i);
+ ZERO_STRUCT(info);
+ ZERO_STRUCT(add);
+
i.name = share;
i.type = STYPE_DISKTREE;
i.path = "C:\\WINDOWS\\TEMP";
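Review bot: The three ZERO_STRUCT() calls on i, info and add are added without the commit message saying which of them carried the bytes that valgrind tracked into writev(). Per the trace these were uninitialised stack bytes marshalled into the NetShareAdd request and written to the socket, so it is worth recording which member of the request the test leaves unset. If only srvsvc_NetShareInfo2 has fields that are not assigned after i.path, then ZERO_STRUCT(i) is the real fix and the other two are defensive; please say so. The declaration of add is outside the hunk context, so confirm it is in scope before the first ZERO_STRUCT() line. Initialising at the declarations would keep the zeroing next to the types it applies to.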
--
2.1.4
From 2ddc5766fb200ccdac983e171a4f6e9b5c7d1c87 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power at suse.com>
Date: Wed, 20 Apr 2016 14:49:44 +0100
Subject: [PATCH 32/32] s4:torture:vfs: fix Invalid read of size 8 valgrind
error (and segv)
when running smbtorture test
'vfs.fruit.SMB2/CREATE context AAPL.SMB2/CREATE context AAPL'
(on non-osx system) the following valgrind errors occur
==2419== Invalid read of size 8
==2419== at 0x4055EA: test_aapl (fruit.c:1939)
==2419== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==2419== by 0x955368F: internal_torture_run_test (torture.c:442)
==2419== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==2419== by 0x26013F: run_matching (smbtorture.c:110)
==2419== by 0x260001: run_matching (smbtorture.c:95)
==2419== by 0x260001: run_matching (smbtorture.c:95)
==2419== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==2419== by 0x261EDF: main (smbtorture.c:665)
==2419== Address 0x10 is not stack'd, malloc'd or (recently) free'd
==2419==
===============================================================
INTERNAL ERROR: Signal 11 in pid 2419 (4.2.4)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC: internal error
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
---
source4/torture/vfs/fruit.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index ae978c2..020bd1f 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -1936,6 +1936,14 @@ static bool test_aapl(struct torture_context *tctx,
aapl = smb2_create_blob_find(&io.out.blobs,
SMB2_CREATE_TAG_AAPL);
+ if (aapl == NULL) {
+ torture_result(tctx, TORTURE_FAIL,
+ "(%s) unexpectedly no AAPL capabilities were returned.",
+ __location__);
+ ret = false;
+ goto done;
+ }
+
if (aapl->data.length != 50) {
/*
* uint32_t CommandCode = kAAPL_SERVER_QUERY
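Review bot: The new aapl == NULL branch reports TORTURE_FAIL, but the commit message says the crash shows up when the test runs "on non-osx system", which reads as a server that does not return an AAPL create context at all. If that is a supported way to run the suite, a skip with a message saying the server offers no AAPL support would be more accurate than a failure; if the test is only meant to run against a server with AAPL support, say so in the commit message. The check itself is in the right place, directly before the first aapl->data.length dereference, which matches the read at address 0x10 in the trace. The message text would read better as "(%s) no AAPL capabilities were returned".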
--
2.1.4