Created attachment 13099 [details] initial patch as sent the the mailing list (needs bug ids and other fixes) Due to a cast in server_id_db_lookup() strv_count() will walk off the end of a zero-length talloc pointer in search of the terminating NULL. The patch as sent to the mailing list at https://lists.samba.org/archive/samba-technical/2017-March/119461.html is included for context.
Fixed by e92a20781ca45b8696397cdef424fe8b92bee66b in master for Samba 4.7
Created attachment 13445 [details] patch cherry-picked from master for 4.6 This may be helpful to backport, so i have done the cherry-pick. I had to manually handle the conflicts in the knownfail.