[PATCH] ldb: Fix index out of bound in ldb_msg_find_common_values

Lukas Slebodnik lslebodn at redhat.com
Wed Jul 5 14:17:23 UTC 2017


On (05/07/17 15:37), Stefan Metzmacher via samba-technical wrote:
>Hello Lukas,
>
>> I noticed failure[1] when I was packaging libldb-1.2.0 to fedora
>> which was required for samba-4.7.0rc1. And I was quite lucky that
>> it failed at least for i386 :-)
>> 
>> I did not notice it with 1.1.31 because unit tests were not executed as part
>> of build due to other issues.
>
>What does valgrind say on x86_64?
>

Almost the same, it just failed in a different test on x86_64:

[ RUN      ] test_ldb_msg_find_common_values
--340-- REDIR: 0x606cda0 (libc.so.6:__strcmp_ssse3) redirected to 0x4c33cb0 (strcmp)
==340== Invalid read of size 8
==340==    at 0x5068E74: ldb_val_cmp (ldb_msg.c:95)
==340==    by 0x5068E74: ldb_msg_find_common_values (ldb_msg.c:266)
==340==    by 0x109849: test_ldb_msg_find_common_values (ldb_msg.c:265)
==340==    by 0x58E1978: ??? (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x58E2260: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x108C9F: main (ldb_msg.c:352)
==340==  Address 0x62fb8a8 is 8 bytes after a block of size 96 alloc'd
==340==    at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==340==    by 0x5CFEC5B: _talloc_array (in /usr/lib64/libtalloc.so.2.1.9)
==340==    by 0x5068DA0: ldb_msg_find_common_values (ldb_msg.c:245)
==340==    by 0x109849: test_ldb_msg_find_common_values (ldb_msg.c:265)
==340==    by 0x58E1978: ??? (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x58E2260: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x108C9F: main (ldb_msg.c:352)
==340== 
==340== Invalid read of size 8
==340==    at 0x5068E74: ldb_val_cmp (ldb_msg.c:95)
==340==    by 0x5068E74: ldb_msg_find_common_values (ldb_msg.c:266)
==340==    by 0x1098A1: test_ldb_msg_find_common_values (ldb_msg.c:269)
==340==    by 0x58E1978: ??? (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x58E2260: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x108C9F: main (ldb_msg.c:352)
==340==  Address 0x62fbc68 is 8 bytes after a block of size 96 alloc'd
==340==    at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==340==    by 0x5CFEC5B: _talloc_array (in /usr/lib64/libtalloc.so.2.1.9)
==340==    by 0x5068DA0: ldb_msg_find_common_values (ldb_msg.c:245)
==340==    by 0x1098A1: test_ldb_msg_find_common_values (ldb_msg.c:269)
==340==    by 0x58E1978: ??? (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x58E2260: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.4.1)
==340==    by 0x108C9F: main (ldb_msg.c:352)
==340== 
[       OK ] test_ldb_msg_find_common_values
[==========] 2 test(s) run.
[  PASSED  ] 2 test(s).

BTW when I was debugging it in an i686 chroot I could not see the failure in the test.
Therefore I tried valgrind. I was really lucky that it failed in the fedora build
system (koji) on i686, because armv7hl is 32-bit as well but the unit test did not
fail there.

LS