smbclient segfaults using the echo command.

Reproducer:
1. smbclient //magrathea/wurst
2. echo 5 42

We call TALLOC_FREE(subreq) and a few lines later smbXcli_req_set_pending(subreq) on the NULL pointer.

Backtrace:

#0  0x00007ffff6bc7702 in _tevent_req_data (req=0x0) at ../lib/tevent/tevent_req.c:321
No locals.
#1  0x00007ffff7e2f837 in smbXcli_req_set_pending (req=0x0) at ../libcli/smb/smbXcli_base.c:881
        state = 0x7ffff7e4c7b0
        conn = 0x5555555b53e0
        pending = 0x5555555b5380
        num_pending = 0
#2  0x00007ffff7e3dfa0 in smb1cli_echo_done (subreq=0x0) at ../libcli/smb/smb1cli_echo.c:123
        req = 0x5555555b6d20
        state = 0x5555555b6eb0
        status = {v = 0}
        num_bytes = 2
        bytes = 0x5555555b5b59 "42\377\377\177"
        recv_iov = 0x5555555b5800
        expected = {{status = {v = 0}, wct = 1 '\001'}}
#3  0x00007ffff6bc7175 in _tevent_req_notify_callback (req=0x5555555b53e0, location=0x7ffff7e4a8e8 "../libcli/smb/smbXcli_base.c:2074") at ../lib/tevent/tevent_req.c:112
No locals.
#4  0x00007ffff6bc7248 in tevent_req_finish (req=0x5555555b53e0, state=TEVENT_REQ_DONE, location=0x7ffff7e4a8e8 "../libcli/smb/smbXcli_base.c:2074") at ../lib/tevent/tevent_req.c:149
No locals.
#5  0x00007ffff6bc726f in _tevent_req_done (req=0x5555555b53e0, location=0x7ffff7e4a8e8 "../libcli/smb/smbXcli_base.c:2074") at ../lib/tevent/tevent_req.c:155
No locals.
#6  0x00007ffff7e32a19 in smb1cli_conn_dispatch_incoming (conn=0x5555555897c0, tmp_mem=0x5555555b73c0, inbuf=0x0) at ../libcli/smb/smbXcli_base.c:2074
        req = 0x5555555b53e0
        state = 0x5555555b5570
        status = {v = 0}
        num_pending = 1
        i = 0
        cmd = 43 '+'
        mid = 8
        oplock_break = false
        inhdr = 0x5555555b5b34 "\377SMB+"
        len = 39
        iov = 0x5555555b7430
        num_iov = 3
        chain = 0x0
        num_chained = 0
        num_responses = 0
        __FUNCTION__ = "smb1cli_conn_dispatch_incoming"
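The ordering problem described in the report above, modelled as an added C example (it is not Samba's code and not the attached patch). `FREE_AND_NULL`, `struct subreq`, `set_pending`, `echo_done` and `run_echo` are hypothetical stand-ins, and the NULL check in `set_pending` is an assumption added so the faulty order returns an error instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for talloc's TALLOC_FREE(): release and set the pointer to NULL. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)
struct subreq { int pending; };   /* hypothetical request handle */

/* Re-arm a request for a further reply. The NULL check is the defensive
 * guard; without it this would dereference NULL as in frames #0/#1. */
static int set_pending(struct subreq *req)
{
    if (req == NULL) return -1;
    req->pending = 1;
    return 0;
}

/* One reply arrived. free_first=1 models the reported order (free, then
 * re-arm); free_first=0 releases the request only after the last reply. */
static int echo_done(struct subreq **preq, int *replies_left, int free_first)
{
    struct subreq *subreq = *preq;
    int rc = 0;
    subreq->pending = 0;
    (*replies_left)--;
    if (free_first) FREE_AND_NULL(subreq);
    if (*replies_left > 0) rc = set_pending(subreq);  /* more replies expected */
    else if (!free_first) FREE_AND_NULL(subreq);      /* last reply: release */
    *preq = subreq;
    return rc;
}

/* Drive "echo <count> ..."; returns replies handled, or -1 on a NULL re-arm. */
static int run_echo(int count, int free_first)
{
    struct subreq *req = calloc(1, sizeof(*req));
    int left = count, handled = 0;
    if (req == NULL || set_pending(req) != 0) { free(req); return -1; }
    while (left > 0) {
        if (echo_done(&req, &left, free_first) != 0) return -1;
        handled++;
    }
    free(req);   /* already NULL unless count was 0 */
    return handled;
}

int main(void)
{
    printf("free-then-rearm: %d, rearm-then-free: %d\n", run_echo(5, 1), run_echo(5, 0));
    return 0;
}
```

In this model a count of 1 never reaches the re-arm branch, so only a multi-reply echo hits the NULL pointer.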
Created attachment 10292: proposed patch for master
Created attachment 10302: v4-1-test patch
Comment on attachment 10302 (v4-1-test patch): LGTM.
Re-assigning to Karolin for inclusion in 4.1.next. Jeremy.
Pushed to autobuild-v4-1-test.
Pushed to v4-1-test. Closing out bug report. Thanks!