Bug 11622 - fix invalid read in smb2cli_ioctl_done()
Summary: fix invalid read in smb2cli_ioctl_done()
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Blocks: 11623
  Show dependency treegraph
Reported: 2015-11-27 16:38 UTC by Stefan Metzmacher
Modified: 2016-04-20 07:18 UTC (History)
3 users (show)

See Also:

Patch for v4-3-test (6.33 KB, patch)
2016-04-13 17:22 UTC, Stefan Metzmacher
jra: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2015-11-27 16:38:02 UTC
==7913== Invalid read of size 1
==7913==    at 0xC4F23EE: smb2cli_ioctl_done (smb2cli_ioctl.c:245)
==7913==    by 0x747A744: _tevent_req_notify_callback (tevent_req.c:112)
==7913==    by 0x747A817: tevent_req_finish (tevent_req.c:149)
==7913==    by 0x747A93C: tevent_req_trigger (tevent_req.c:206)
==7913==    by 0x7479B2B: tevent_common_loop_immediate
==7913==    by 0xA9CB4BE: run_events_poll (events.c:192)
==7913==    by 0xA9CBB32: s3_event_loop_once (events.c:303)
==7913==    by 0x7478C72: _tevent_loop_once (tevent.c:533)
==7913==    by 0x747AACD: tevent_req_poll (tevent_req.c:256)
==7913==    by 0x505315D: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==7913==    by 0xA7201F2: cli_tree_connect (cliconnect.c:2764)
==7913==    by 0x165FF7: cm_prepare_connection (winbindd_cm.c:1276)
==7913==  Address 0x16ce24ec is 764 bytes inside a block of size 813 alloc'd
==7913==    at 0x4C29110: malloc (in
==7913==    by 0x768A0C1: __talloc_with_prefix (talloc.c:668)
==7913==    by 0x768A27E: _talloc_pool (talloc.c:721)
==7913==    by 0x768A41E: _talloc_pooled_object (talloc.c:790)
==7913==    by 0x747A594: _tevent_req_create (tevent_req.c:66)
==7913==    by 0xCF6E2FA: read_packet_send (async_sock.c:414)
==7913==    by 0xCF6EB54: read_smb_send (read_smb.c:54)
==7913==    by 0xC4DA146: smbXcli_conn_receive_next (smbXcli_base.c:1027)
==7913==    by 0xC4DA02D: smbXcli_req_set_pending (smbXcli_base.c:978)
==7913==    by 0xC4DF776: smb2cli_req_compound_submit (smbXcli_base.c:3166)
==7913==    by 0xC4DFC1D: smb2cli_req_send (smbXcli_base.c:3268)
==7913==    by 0xC4F2210: smb2cli_ioctl_send (smb2cli_ioctl.c:149)
Comment 1 Stefan Metzmacher 2016-04-13 17:22:58 UTC
Created attachment 11989 [details]
Patch for v4-3-test
Comment 2 Jeremy Allison 2016-04-13 17:52:05 UTC
Comment on attachment 11989 [details]
Patch for v4-3-test

Comment 3 Jeremy Allison 2016-04-13 17:52:27 UTC
Reassigning to Karolin for inclusion in 4.3.next.
Comment 4 Karolin Seeger 2016-04-18 10:45:29 UTC
Pushed to autobuild-v4-3-test.
Comment 5 Karolin Seeger 2016-04-20 07:18:33 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to v4-3-test.
Closing out bug report.