Bug 14332 - double free in smbtree
Summary: double free in smbtree
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
Version: 4.12.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2020-04-01 14:08 UTC by Noel Power
Modified: 2020-04-07 08:03 UTC


Attachment: patch for master (1.56 KB, patch)
2020-04-01 14:11 UTC, Noel Power
Flags: none
Attachment: patch for 4.12 cherry picked from master (1.79 KB, patch)
2020-04-02 08:21 UTC, Noel Power
Flags: vl: review+

Description Noel Power 2020-04-01 14:08:55 UTC
Since commit 968f72041021ccc0301220833f987dad8e3b9364 there is a double free in smbtree.

Samba built with modern gcc will show, with smbtree -N, something like:

        \\LIVEBOX                       Livebox
                \\LIVEBOX\USBkk                 Additional storage
                \\LIVEBOX\IPC$                  IPC Service (Livebox)
free(): double free detected in tcache 2
Abandon (core dumped)

It seems we call poptFreeContext(pc) multiple times.
Comment 1 Noel Power 2020-04-01 14:09:15 UTC
taking it
Comment 2 Noel Power 2020-04-01 14:11:25 UTC
Created attachment 15886 [details]
patch for master
Comment 3 Noel Power 2020-04-01 14:13:49 UTC
Instead of reverting the original patch 968f72041021ccc0301220833f987dad8e3b9364, I removed the original existing poptFreeContext(pc) (after the while loop) and left the new poptFreeContext(pc) introduced with 968f72041021ccc0301220833f987dad8e3b9364 at the end of the method (where I think it is more visible).
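The control flow described in the report and in the fix above, as an added example that is not Samba's code: a constructed stand-in for a popt option context (opt_ctx, opt_ctx_new, opt_ctx_next, opt_ctx_free are hypothetical names standing in for libpopt's poptGetContext/poptGetNextOpt/poptFreeContext) is released once after the option loop and a second time at the end of the function, which is the double free glibc aborted on; the release function records a repeat release of the same pointer instead of calling free() twice, so the defect is observable without corrupting the heap. fixed_flow() keeps only the release at the end of the function, matching the fix described in comment 3.

```c
/* Added example, not Samba code. Models the smbtree main() flow from the bug
 * report with a constructed option-context type. Names are stand-ins for
 * libpopt (poptGetContext / poptGetNextOpt / poptFreeContext). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a popt context. */
struct opt_ctx {
    int argc;
    char **argv;
    int next;               /* index of the next option to hand out */
};

/* Release bookkeeping: how often the context was released, and how often a
 * pointer that had already been released came back. A repeated release of
 * the same address is exactly what "free(): double free detected" means. */
static int release_calls;
static int double_releases;
static uintptr_t last_released;

static void reset_counters(void)
{
    release_calls = 0;
    double_releases = 0;
    last_released = 0;
}

static struct opt_ctx *opt_ctx_new(int argc, char **argv)
{
    struct opt_ctx *pc = calloc(1, sizeof *pc);
    if (pc == NULL) return NULL;
    pc->argc = argc;
    pc->argv = argv;
    pc->next = 1;           /* skip argv[0] */
    return pc;
}

/* Returns the next argument or NULL when exhausted, mirroring the while
 * loop that drives poptGetNextOpt() in smbtree. */
static const char *opt_ctx_next(struct opt_ctx *pc)
{
    if (pc->next >= pc->argc) return NULL;
    return pc->argv[pc->next++];
}

/* Stand-in for poptFreeContext(). Instead of handing an already-freed
 * pointer to free() (undefined behaviour), it detects the repeat and counts
 * it, so the example can report the defect rather than abort on it. */
static void opt_ctx_free(struct opt_ctx *pc)
{
    release_calls++;
    if (pc != NULL && (uintptr_t)pc == last_released) {
        double_releases++;
        return;
    }
    last_released = (uintptr_t)pc;
    free(pc);
}

/* Shared option handling: counts occurrences of "-N" (anonymous login in the
 * report's command line) so the loop does real work. */
static int consume_options(struct opt_ctx *pc)
{
    const char *opt;
    int seen_n = 0;
    while ((opt = opt_ctx_next(pc)) != NULL) {
        if (strcmp(opt, "-N") == 0) seen_n++;
    }
    return seen_n;
}

/* Flow before the fix: the original release right after the option loop plus
 * the release added at the end of the function by the referenced commit.
 * Returns the number of double releases observed (expected: 1). */
static int buggy_flow(int argc, char **argv)
{
    reset_counters();
    struct opt_ctx *pc = opt_ctx_new(argc, argv);
    consume_options(pc);
    opt_ctx_free(pc);       /* original release after the while loop */
    /* ... share enumeration would run here ... */
    opt_ctx_free(pc);       /* release at end of function: double free */
    return double_releases;
}

/* Flow after the fix: only the release at the end remains (expected: 0). */
static int fixed_flow(int argc, char **argv)
{
    reset_counters();
    struct opt_ctx *pc = opt_ctx_new(argc, argv);
    consume_options(pc);
    /* ... share enumeration would run here ... */
    opt_ctx_free(pc);       /* single owner, single release */
    return double_releases;
}

static int release_count(void) { return release_calls; }

/* Constructed command line matching the report: smbtree -N */
static char *argv_sample[] = { "smbtree", "-N" };
static const int argc_sample = 2;

int main(void)
{
    printf("before fix: %d double release(s) in %d call(s)\n",
           buggy_flow(argc_sample, argv_sample), release_count());
    printf("after fix:  %d double release(s) in %d call(s)\n",
           fixed_flow(argc_sample, argv_sample), release_count());
    return 0;
}
```

The stand-in release function only remembers the most recently released address, which is enough to show this bug's shape (same pointer, two consecutive cleanup paths); glibc's tcache check that produced the abort in the report is the allocator doing a comparable check on its own free lists.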
Comment 4 Noel Power 2020-04-02 08:21:06 UTC
Created attachment 15887 [details]
patch for 4.12 cherry picked from master
Comment 5 Noel Power 2020-04-02 08:23:34 UTC
Assigning to Karolin for inclusion in 4.12
Comment 6 Karolin Seeger 2020-04-03 10:59:41 UTC
(In reply to Noel Power from comment #5)
Pushed to autobuild-v4-12-test.
Comment 7 Karolin Seeger 2020-04-07 08:03:38 UTC
(In reply to Karolin Seeger from comment #6)
Pushed to v4-12-test.
Closing out bug report.