Invalid memory read access in posix_sys_acl_blob_get_fd()

==16922==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe354fb360 at pc 0x7fd712e41f41 bp 0x7ffe354fac50 sp 0x7ffe354fa400
READ of size 17 at 0x7ffe354fb360 thread T0
    #0 0x7fd712e41f40 (/usr/lib64/libasan.so.6+0x3ff40)
    #1 0x7fd70a6eb24e in cp_smb_filename ../../source3/lib/filename_util.c:234
    #2 0x7fd70a6eb55c in synthetic_smb_fname ../../source3/lib/filename_util.c:73
    #3 0x7fd502b2ab99 in xattr_tdb_get_file_id ../../source3/modules/vfs_xattr_tdb.c:41
    #4 0x7fd502b2c3bf in xattr_tdb_getxattr ../../source3/modules/vfs_xattr_tdb.c:84
    #5 0x7fd70a5a7485 in smb_vfs_call_getxattr ../../source3/smbd/vfs.c:2802
    #6 0x7fd70b713e3e in fake_acls_sys_acl_get_file ../../source3/modules/vfs_fake_acls.c:277
    #7 0x7fd70a5a6ffb in smb_vfs_call_sys_acl_get_file ../../source3/smbd/vfs.c:2747
    #8 0x7fd70a5c1a41 in posix_sys_acl_blob_get_fd ../../source3/smbd/posix_acls.c:4681
    #9 0x7fd70a5a7243 in smb_vfs_call_sys_acl_blob_get_fd ../../source3/smbd/vfs.c:2776
    #10 0x7fd70a7b63b7 in fset_nt_acl_common ../../source3/modules/vfs_acl_common.c:1139
    #11 0x7fd708c576ba in acl_xattr_fset_nt_acl ../../source3/modules/vfs_acl_xattr.c:380
    #12 0x7fd70a5a6e6f in smb_vfs_call_fset_nt_acl ../../source3/smbd/vfs.c:2723
    #13 0x7fd70ac02ab6 in set_nt_acl_conn ../../source3/smbd/pysmbd.c:284
    #14 0x7fd70ac02ab6 in py_smbd_set_nt_acl ../../source3/smbd/pysmbd.c:803

Address 0x7ffe354fb360 is located in stack of thread T0 at offset 640 in frame
    #0 0x7fd70a5c179b in posix_sys_acl_blob_get_fd ../../source3/smbd/posix_acls.c:4649

  This frame has 4 object(s):
    [48, 80) 'acl_wrapper' (line 4652)
    [112, 280) 'sbuf' (line 4650)
    [352, 568) 'fname' (line 4654)
    [640, 4736) 'buf' (line 4659) <== Memory access at offset 640 is inside this variable
This bug was referenced in samba master: 0a93f5367bc55ee14f13da5bdb812333c9d9e9f3
Created attachment 16420: patch for 4.14, 4.13 and 4.12
Comment on attachment 16420 (patch for 4.14, 4.13 and 4.12): LGTM. Karolin, FYI this only applies to 4.14.rcNext, not any prior versions.
Re-assigning to Karolin for inclusion in 4.14.rcNext.
(In reply to Jeremy Allison from comment #4) Pushed to autobuild-v4-14-test.
This bug was referenced in samba v4-14-test: eac2d1504b72d766762f2991c0acd1355835a2cd
This bug was referenced in samba v4-14-stable (Release samba-4.14.0rc2): eac2d1504b72d766762f2991c0acd1355835a2cd
Closing out bug report. Thanks!