=================================================================
==19205==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc4680b404 at pc 0x7f5be49269df bp 0x7ffc4680b0e0 sp 0x7ffc4680a890
READ of size 8 at 0x7ffc4680b404 thread T0
    #0 0x7f5be49269de  (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0x5d9de)
    #1 0x7f5bd9270053 in tdb_write ../common/io.c:184
    #2 0x7f5bd9265dab in _tdb_storev ../common/tdb.c:617
    #3 0x7f5bd926686b in _tdb_store ../common/tdb.c:643
    #4 0x7f5bd926686b in tdb_store ../common/tdb.c:667
    #5 0x7f5be155331f in cleanupdb_store_child ../source3/lib/cleanupdb.c:72
    #6 0x562faaadea66 in remove_child_pid ../source3/smbd/server.c:836
    #7 0x562faaadea66 in smbd_sig_chld_handler ../source3/smbd/server.c:916
    #8 0x7f5bdf9747d0 in tevent_common_check_signal ../tevent_signal.c:417
    #9 0x7f5bdf97a80b in epoll_event_loop ../tevent_epoll.c:647
    #10 0x7f5bdf97a80b in epoll_event_loop_once ../tevent_epoll.c:930
    #11 0x7f5bdf974cbe in std_event_loop_once ../tevent_standard.c:114
    #12 0x7f5bdf968d3d in _tevent_loop_once ../tevent.c:721
    #13 0x7f5bdf96948a in tevent_common_loop_wait ../tevent.c:844
    #14 0x7f5bdf974baa in std_event_loop_wait ../tevent_standard.c:145
    #15 0x562faaad880e in smbd_parent_loop ../source3/smbd/server.c:1384
    #16 0x562faaad880e in main ../source3/smbd/server.c:2038
    #17 0x7f5bdf5e81e0 in __libc_start_main (/lib64/libc.so.6+0x201e0)
    #18 0x562faaad9049 in _start (/usr/sbin/smbd+0x13049)

Address 0x7ffc4680b404 is located in stack of thread T0 at offset 36 in frame
    #0 0x7f5be155327f in cleanupdb_store_child ../source3/lib/cleanupdb.c:59

  This frame has 1 object(s):
    [32, 36) 'key' <== Memory access at offset 36 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so.3+0x5d9de)
Shadow bytes around the buggy address:
  0x100008cf9630: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4
  0x100008cf9640: f4 f4 f2 f2 f2 f2 00 00 f4 f4 f2 f2 f2 f2 00 00
  0x100008cf9650: 00 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
  0x100008cf9660: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f4 f4 f3 f3
  0x100008cf9670: f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x100008cf9680:[04]f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x100008cf9690: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4
  0x100008cf96a0: f2 f2 f2 f2 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00
  0x100008cf96b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100008cf96c0: 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2
  0x100008cf96d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==19205==ABORTING