The Samba-Bugzilla – Attachment 17441 Details for
Bug 15128
possible use after free of connection_struct when iterating smbd_server_connection->connections
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
valgrind output
valgrind2 (text/plain), 4.05 KB, created by
Noel Power
on 2022-07-23 12:08:51 UTC
(
hide
)
Description:
valgrind output
Filename:
MIME Type:
Creator:
Noel Power
Created:
2022-07-23 12:08:51 UTC
Size:
4.05 KB
patch
obsolete
> >==27323== Invalid read of size 8 >==27323== at 0x5247AA6: conn_clear_vuid_caches (conn.c:177) >==27323== by 0x5131195: invalidate_vuid (password.c:50) >==27323== by 0x52276CA: smbXsrv_session_logoff (smbXsrv_session.c:1830) >==27323== by 0x520147E: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1353) >==27323== by 0x634EB2A: _tevent_req_notify_callback (tevent_req.c:141) >==27323== by 0x634EC8B: tevent_req_finish (tevent_req.c:193) >==27323== by 0x634EDB8: tevent_req_trigger (tevent_req.c:250) >==27323== by 0x634D9D7: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==27323== by 0x634DB26: tevent_common_loop_immediate (tevent_immediate.c:236) >==27323== by 0x6357F88: epoll_event_loop_once (tevent_epoll.c:918) >==27323== by 0x63549BB: std_event_loop_once (tevent_standard.c:110) >==27323== by 0x634BFC7: _tevent_loop_once (tevent.c:790) >==27323== by 0x634C2E2: tevent_common_loop_wait (tevent.c:913) >==27323== by 0x6354A5D: std_event_loop_wait (tevent_standard.c:141) >==27323== by 0x634C385: _tevent_loop_wait (tevent.c:932) >==27323== by 0x51DABD4: smbd_process (process.c:4248) >==27323== by 0x116288: smbd_accept_connection (server.c:1022) >==27323== by 0x634D0F6: tevent_common_invoke_fd_handler (tevent_fd.c:142) >==27323== by 0x63579DB: epoll_event_loop (tevent_epoll.c:736) >==27323== by 0x6358022: epoll_event_loop_once (tevent_epoll.c:937) >==27323== by 0x63549BB: std_event_loop_once (tevent_standard.c:110) >==27323== by 0x634BFC7: _tevent_loop_once (tevent.c:790) >==27323== by 0x634C2E2: tevent_common_loop_wait (tevent.c:913) >==27323== by 0x6354A5D: std_event_loop_wait (tevent_standard.c:141) >==27323== by 0x634C385: _tevent_loop_wait (tevent.c:932) >==27323== by 0x116F10: smbd_parent_loop (server.c:1366) >==27323== by 0x1191E3: main (server.c:2186) >==27323== Address 0x1aa9e320 is 224 bytes inside a block of size 328 free'd >==27323== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==27323== by 0x5CFFF51: _tc_free_internal (talloc.c:1222) >==27323== by 0x5D00E93: _tc_free_children_internal (talloc.c:1669) >==27323== by 0x5CFFE34: _tc_free_internal (talloc.c:1184) >==27323== by 0x5D00E93: _tc_free_children_internal (talloc.c:1669) >==27323== by 0x5CFFE34: _tc_free_internal (talloc.c:1184) >==27323== by 0x5D00E93: _tc_free_children_internal (talloc.c:1669) >==27323== by 0x5CFFE34: _tc_free_internal (talloc.c:1184) >==27323== by 0x5D00E93: _tc_free_children_internal (talloc.c:1669) >==27323== by 0x5CFFE34: _tc_free_internal (talloc.c:1184) >==27323== by 0x5CFFFF5: _talloc_free_internal (talloc.c:1248) >==27323== by 0x5D012BD: _talloc_free (talloc.c:1792) >==27323== by 0x51FA5E3: smbd_smb2_flush_send_queue (smb2_server.c:4815) >==27323== by 0x51F7626: smbd_smb2_request_reply (smb2_server.c:3828) >==27323== by 0x51F7E61: smbd_smb2_request_done_ex (smb2_server.c:3982) >==27323== by 0x52011F9: smbd_smb2_request_logoff_done (smb2_sesssetup.c:1281) >==27323== by 0x634EB2A: _tevent_req_notify_callback (tevent_req.c:141) >==27323== by 0x634EC8B: tevent_req_finish (tevent_req.c:193) >==27323== by 0x634ECB8: _tevent_req_done (tevent_req.c:199) >==27323== by 0x52014DB: smbd_smb2_logoff_shutdown_done (smb2_sesssetup.c:1364) >==27323== by 0x634EB2A: _tevent_req_notify_callback (tevent_req.c:141) >==27323== by 0x634EC8B: tevent_req_finish (tevent_req.c:193) >==27323== by 0x634EDB8: tevent_req_trigger (tevent_req.c:250) >==27323== by 0x634D9D7: tevent_common_invoke_immediate_handler (tevent_immediate.c:190) >==27323== by 0x634DB26: tevent_common_loop_immediate (tevent_immediate.c:236) >==27323== by 0x6357F88: epoll_event_loop_once (tevent_epoll.c:918) >==27323== by 0x63549BB: std_event_loop_once (tevent_standard.c:110) >==27323== by 0x634BFC7: _tevent_loop_once (tevent.c:790) >==27323== by 0x634C2E2: tevent_common_loop_wait (tevent.c:913) >==27323== by 0x6354A5D: std_event_loop_wait (tevent_standard.c:141) >==27323== by 0x634C385: _tevent_loop_wait (tevent.c:932) >==27323== by 0x51DABD4: smbd_process (process.c:4248)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 15128
:
17440
|
17441
|
17442
|
17443
|
17444
|
17457
|
17458
|
17459
|
17478
|
17479
|
17481
|
17482
|
17483