==27165==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc12312b10 at pc 0x7f5f2219512b bp 0x7ffc123126e0 sp 0x7ffc123126d0 READ of size 4 at 0x7ffc12312b10 thread T0 #0 0x7f5f2219512a in ndr_push_spoolss_SetPrinterInfo8 librpc/gen_ndr/ndr_spoolss.c:8466 #1 0x7f5f2219512a in ndr_push_spoolss_SetPrinterInfo librpc/gen_ndr/ndr_spoolss.c:8639 #2 0x7f5f221c782a in ndr_push_spoolss_SetPrinterInfoCtr librpc/gen_ndr/ndr_spoolss.c:9002 #3 0x7f5f221c7920 in ndr_push_spoolss_SetPrinter librpc/gen_ndr/ndr_spoolss.c:26360 #4 0x7f5f29408c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416 #5 0x7f5f2940929a in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553 #6 0x7f5f24f591d0 in dcerpc_spoolss_SetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1722 #7 0x55e0acb3dd50 in test_SetPrinter ../../source4/torture/rpc/spoolss.c:1293 #8 0x55e0acb6c9d7 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2126 #9 0x55e0acb8db83 in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2344 #10 0x55e0acb8db83 in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2489 #11 0x55e0acb8db83 in test_printer_dm ../../source4/torture/rpc/spoolss.c:8883 #12 0x7f5f260eef7e in wrap_test_with_simple_test ../../lib/torture/torture.c:732 #13 0x7f5f260f095a in internal_torture_run_test ../../lib/torture/torture.c:442 #14 0x7f5f260f1048 in torture_run_tcase_restricted ../../lib/torture/torture.c:507 #15 0x7f5f260f1417 in torture_run_suite_restricted ../../lib/torture/torture.c:357 #16 0x7f5f260f1644 in torture_run_suite ../../lib/torture/torture.c:339 #17 0x55e0acd40d0e in run_matching ../../source4/torture/smbtorture.c:93 #18 0x55e0acd40c58 in run_matching ../../source4/torture/smbtorture.c:95 #19 0x55e0acd40c58 in run_matching ../../source4/torture/smbtorture.c:95 #20 0x55e0acd41bc4 in torture_run_named_tests ../../source4/torture/smbtorture.c:143 #21 0x55e0acd44e61 in main ../../source4/torture/smbtorture.c:691 #22 0x7f5f20a45b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #23 0x55e0ac7999f9 in _start (/home/gary/projects/samba04/bin/default/source4/torture/smbtorture+0x4249f9) Address 0x7ffc12312b10 is located in stack of thread T0 at offset 32 in frame #0 0x55e0acb6c5b5 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2090 This frame has 6 object(s): [32, 36) 'info8' <== Memory access at offset 32 is inside this variable [96, 104) 'sinfo' [160, 176) 'info_ctr' [224, 240) 'devmode_ctr' [288, 304) 'secdesc_ctr' [352, 488) 'info' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-scope librpc/gen_ndr/ndr_spoolss.c:8466 in ndr_push_spoolss_SetPrinterInfo8 Shadow bytes around the buggy address: 0x10000245a510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000245a520: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 00 00 00 00 0x10000245a530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000245a540: f1 f1 f1 f1 00 00 00 00 00 00 f2 f2 00 00 00 00 0x10000245a550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 =>0x10000245a560: f1 f1[f8]f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 0x10000245a570: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 0x10000245a580: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 0x10000245a590: 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 0x10000245a5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10000245a5b0: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Reproducer: make TESTS="samba3.rpc.spoolss.printer" test