The Samba-Bugzilla – Attachment 16266 Details for
Bug 14515
assert_no_pending_aio() causes a core dump due to TALLOC_FREE() overwriting a valid value with NULL.
[patch]
git-am fix for 4.12.next, 4.13.next.
0001-s3-smbd-Don-t-overwrite-contents-of-fsp-aio_requests.patch (text/plain), 1.75 KB, created by Jeremy Allison on 2020-09-30 17:50:05 UTC
>From 8150fca1aaf9934fe602fe2c9fdb3892ca3379fc Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Sat, 26 Sep 2020 22:14:33 -0700 >Subject: [PATCH] s3: smbd: Don't overwrite contents of fsp->aio_requests[0] > with NULL via TALLOC_FREE(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >They may have been carefully set by the aio_del_req_from_fsp() >destructor so we must not overwrite here. > >Found via some *amazing* debugging work from Ashok Ramakrishnan <aramakrishnan@nasuni.com>. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Ralph Böhme <slow@samba.org> >Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184 > >(cherry picked from commit fca8cb63762faff54cda243c1ed8217b36333131) >--- > source3/smbd/close.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/close.c b/source3/smbd/close.c >index 68154a61ab5..9974877edc2 100644 >--- a/source3/smbd/close.c >+++ b/source3/smbd/close.c >@@ -666,7 +666,19 @@ static void assert_no_pending_aio(struct files_struct *fsp, > * fsp->aio_requests[x], causing a crash. > */ > while (fsp->num_aio_requests != 0) { >- TALLOC_FREE(fsp->aio_requests[0]); >+ /* >+ * NB. We *MUST* use >+ * talloc_free(fsp->aio_requests[0]), >+ * and *NOT* TALLOC_FREE() here, as >+ * TALLOC_FREE(fsp->aio_requests[0]) >+ * will overwrite any new contents of >+ * fsp->aio_requests[0] that were >+ * copied into it via the destructor >+ * aio_del_req_from_fsp(). >+ * >+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515 >+ */ >+ talloc_free(fsp->aio_requests[0]); > } > return; > } >-- >2.25.1 >
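Review bot: the return value of talloc_free(fsp->aio_requests[0]) is ignored inside the while (fsp->num_aio_requests != 0) loop in assert_no_pending_aio(), so the loop terminates only if every free succeeds and the aio_del_req_from_fsp() destructor actually shrinks num_aio_requests. talloc_free() returns -1 when a free is refused (for example when a destructor vetoes it), and in that case the count never changes and the loop spins. Consider checking the result and failing loudly, or asserting that num_aio_requests decreased on each pass. The new comment would also be easier to follow if it stated the mechanism: TALLOC_FREE() sets its argument to NULL after freeing, which is what clobbers the entry the destructor moved into slot 0.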
Flags: slow: review+