[Samba] Coredump when copying .docx file (4.15.1)
Jeremy Allison
jra at samba.org
Tue Nov 2 01:57:17 UTC 2021
On Mon, Nov 01, 2021 at 06:49:20PM -0700, Jeremy Allison via samba wrote:
>On Mon, Nov 01, 2021 at 09:38:07PM +0100, Sen Haerens via samba wrote:
>>I'm copying from a Macbook (Big Sur 11.6) to an Arch Linux system (kernel
>>5.14.15), tested with Samba 4.15 and 4.15.1.
>>
>>The copying hangs on the client and the share is unmounted. After
>>remounting the share it appears the file has been successfully copied. I do
>>not have access to Bugzilla, so posting here.
>>
>>Here is the backtrace:
>>https://gist.github.com/SenH/2a611b30b8ed9ef7c234b7d14d75d074
>
>Are you able to rebuild Samba? If so, I think this may
>be the fix:
>
>diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
>index fd435b6592d..854c239963b 100644
>--- a/source3/lib/adouble.c
>+++ b/source3/lib/adouble.c
>@@ -2592,8 +2592,7 @@ int ad_fset(struct vfs_handle_struct *handle,
> DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp));
> if ((fsp == NULL)
>- || (fsp->fh == NULL)
>- || (fsp_get_io_fd(fsp) == -1))
>+ || (fsp->fh == NULL))
> {
> smb_panic("bad fsp");
> }
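Review bot: In the opening check of ad_fset, the context line DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp)) still runs before the fsp == NULL test, so that test cannot guard the debug call; since this block is being touched anyway, consider moving the debug line below the check. Removing the fsp_get_io_fd(fsp) == -1 condition here also deserves a one-line comment saying that an I/O fd of -1 is now accepted at this point and is checked in the ADOUBLE_RSRC case instead, so a later cleanup does not put the condition back.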
>@@ -2612,6 +2611,9 @@ int ad_fset(struct vfs_handle_struct *handle,
> AD_DATASZ_XATTR, 0);
> break;
> case ADOUBLE_RSRC:
>+ if (fsp_get_io_fd(fsp) == -1) {
>+ smb_panic("bad fsp for ADOUBLE_RSRC");
>+ }
> len = SMB_VFS_NEXT_PWRITE(handle,
> fsp,
> ad->ad_data,
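Review bot: The relocated fsp_get_io_fd(fsp) == -1 check under case ADOUBLE_RSRC still ends in smb_panic, so any request that reaches this case with no I/O fd aborts the process, which is the same failure mode as the reported coredump. ad_fset returns int, so consider logging and failing the call instead of panicking, provided the callers handle an error return. If the panic stays, add a DBG_ERR with fsp_str_dbg(fsp) just before it so a core can be tied to the file involved, and a comment on why the pwrite in this case needs a real fd while the case above it does not.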
>
>--
FYI, we're tracking this at:
https://bugzilla.samba.org/show_bug.cgi?id=14890
What I'd love to see from you is a Wireshark trace
on port 445 just before the crash, so I can use
this to write a regression test to ensure we don't
make this mistake again.
Any chance you can get and post the Wireshark .pcap
file on the bug?
Thanks!
Jeremy.