Bug 11947 - lib/replace/snprintf.c:fmtint -- buffer too small (convert[20])
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.4.3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Duplicates: 2609
Depends on:
Blocks:
 
Reported: 2016-06-02 10:26 UTC by Lorinczy Zsigmond
Modified: 2017-06-29 06:54 UTC
CC List: 7 users

See Also:


Attachments
suggested fix (839 bytes, patch)
2016-06-02 10:26 UTC, Lorinczy Zsigmond
no flags
Correction of the previous (spaces vs TABs) (723 bytes, text/plain)
2016-06-02 11:18 UTC, Lorinczy Zsigmond
no flags
git-am fix for 4.4.next, 4.3.next. (1.67 KB, patch)
2016-06-03 17:14 UTC, Jeremy Allison
jra: review? (obnox)
slow: review+
asn: review+

Description Lorinczy Zsigmond 2016-06-02 10:26:30 UTC
Created attachment 12159
suggested fix

Hi,

On the AIX platform, I got different problems using smbd that seemed to be related to OpLocks.

With some debugging, I could track it down to 'messaging_dgm_lockfile_create': the value written into the file /var/run/sambalocks/msg.lock/PID is sometimes one digit shorter than the actual value of 'unique': the first digits get lost, e.g.:
unique=17299420435556398153, written=7299420435556398153.

With some more debugging, I found out that 'smbd' uses its own version of 'snprintf' that has a problem with large numbers; to be more precise, the buffer 'convert' in function 'fmtint' of 'lib/replace/snprintf.c' is too small, so the most significant digit gets lost.

I'm attaching a trivial patch to fix the problem (the length of the buffer becomes 22 to support octal values too).

Yours: Lorinczy Zsigmond
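
The truncation described in this report, as an added example that is not part of the original report and not Samba's code: a simplified model of a digit-conversion loop with a fixed scratch buffer, run on the `unique` value quoted above. The names `fmt_u64`, `digits_lost` and `CONVERT_MAX` are hypothetical, and the buffer-full handling is an assumption consistent with the lost leading digit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 2^64-1 needs 20 decimal or 22 octal digits; +1 for the terminator. */
#define CONVERT_MAX (22 + 1)
static int digits_lost; /* set by fmt_u64(): digits missing from the result */

/*
 * Simplified model written for this example (hypothetical, not Samba's code).
 * Converts v to text in base 8, 10 or 16 using `cap` bytes of scratch space.
 * Digits are produced least significant first; if the scratch buffer fills,
 * its last slot is given to the terminator and the top digit is dropped.
 */
static const char *fmt_u64(uint64_t v, unsigned base, size_t cap)
{
    static char out[CONVERT_MAX];
    char convert[CONVERT_MAX];
    size_t place = 0, i = 0;
    if (base != 8 && base != 16)
        base = 10;
    if (cap < 2 || cap > sizeof(convert))
        cap = sizeof(convert);
    digits_lost = 0;
    do {
        convert[place++] = "0123456789abcdef"[v % base];
        v /= base;
    } while (v && place < cap);
    if (place == cap) {      /* buffer full: last slot becomes the NUL */
        place--;
        digits_lost++;
    }
    for (; v; v /= base)     /* digits the loop never reached */
        digits_lost++;
    while (place > 0)        /* emit most significant digit first */
        out[i++] = convert[--place];
    out[i] = '\0';
    return out;
}

int main(void)
{
    uint64_t unique = 17299420435556398153ULL; /* value quoted in the report */
    printf("convert[20]: %s", fmt_u64(unique, 10, 20));
    printf(" (digits lost: %d)\n", digits_lost);
    printf("convert[%d]: %s", CONVERT_MAX, fmt_u64(unique, 10, CONVERT_MAX));
    printf(" (digits lost: %d)\n", digits_lost);
    return 0;
}
```

Nothing is written out of bounds in this model; the defect is silent data loss, which is why it surfaced as a wrong value in the lock file rather than a crash.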
Comment 1 Lorinczy Zsigmond 2016-06-02 11:18:14 UTC
Created attachment 12160
Correction of the previous (spaces vs TABs)
Comment 2 Jeremy Allison 2016-06-02 19:40:07 UTC
Looks correct to me. I'll propose to master and then get it back-ported. Thanks a *lot*!
Comment 3 Jeremy Allison 2016-06-03 17:14:03 UTC
Created attachment 12161
git-am fix for 4.4.next, 4.3.next.

Cherry-picked from master.
Comment 4 Ralph Böhme 2016-06-08 04:30:32 UTC
Reassigning to Karolin for inclusion in 4.3 and 4.4.
Comment 5 Karolin Seeger 2016-06-09 11:06:04 UTC
(In reply to Ralph Böhme from comment #4)
Pushed to autobuild-v4-[4|3]-test.
Comment 6 Karolin Seeger 2016-06-15 09:31:52 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to both branches.
Closing out bug report.

Thanks!
Comment 7 Lorinczy Zsigmond 2016-07-11 09:34:53 UTC
Hi, 
I certainly don't want to seem pushy, but could you please merge this patch into the next 4.4.x release?
Thank you very much.
Comment 8 Jeremy Allison 2016-07-12 19:26:30 UTC
This has already been merged by Karolin and will be in the next non-security 4.4.x release.
Comment 9 Andrew Bartlett 2017-06-29 06:21:54 UTC
Fixed in 8814b2556583e1f8965e8bf5a93438d46e8d43e6 and included in 4.3, 4.4 and above.
Comment 10 Andrew Bartlett 2017-06-29 06:25:36 UTC
*** Bug 2609 has been marked as a duplicate of this bug. ***