There's an overflow in nsswitch/winbind_nss_aix.c:843 ret[n] = NULL; which was detected by running an application with MALLOCDEBUG=catch_overflow. The array is allocated as n = sizeof(attr_list) / sizeof(struct attr_types); size = (n*sizeof(attrlist_t *)); if ( (ret = malloc( size )) == NULL ) ... Guess the array should be allocated with size = ((n + 1) * sizeof(attrlist_t *));
This bug was referenced in samba master: 44aba9c7cabedf7b5a01fb9c5f3099125dd70602