In:

static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
				      TALLOC_CTX *mem_ctx,
				      const struct smb_filename *smb_fname,
				      struct SMB4ACL_T **ppacl)
{
	int naces, i;
	ace_t *acebuf;
	struct SMB4ACL_T *pacl;
	SMB_STRUCT_STAT sbuf;
	const SMB_STRUCT_STAT *psbuf = NULL;
	int ret;

	if (VALID_STAT(smb_fname->st)) {
		psbuf = &smb_fname->st;
	}

	if (psbuf == NULL) {
		ret = vfs_stat_smb_basename(conn, smb_fname, &sbuf);
		if (ret != 0) {
			DBG_INFO("stat [%s]failed: %s\n",
				 smb_fname_str_dbg(smb_fname), strerror(errno));
			return map_nt_error_from_unix(errno);
		}
		psbuf = &sbuf;
	}

	if (S_ISDIR(psbuf->st_ex_mode) && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
		ace->aceMask |= SMB_ACE4_DELETE_CHILD;
	}

The variable "ace" is not declared or initialized before the pointer dereference in the last `if` of this excerpt. Most probably this was introduced by the "cherry-picking to 4.6 and 4.7" of the fix for bug 6133.

Thank you very much for re-cherry-picking the fix again :-)
Ralph's new patch (see the Samba 4.7.4 release notes) fixes it.

*** This bug has been marked as a duplicate of bug 6133 ***