When running a custom query that involves returning a vector result of strings, e.g. like the example below requesting the System.Kind property, we can get an error reported (although the results are returned as expected):

wspsearch -U$USER%$PASSWORD --limit 2 --query 'SELECT System.Kind WHERE System.Kind:music AND Scope:"FILE://$SERVER/$SHARE"' //$SERVER/$SHARE custom_query 1
found 250 results, returning 1
extract_variant_addresses: offset 16344 outside buffer range (buf len - 16344)

There are actually 2 problems here:
1. An error condition is erroneously detected (we actually add an offset prior to testing).
2. The error condition isn't acted on, so instead of processing the error it is ignored.
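The two defects named in the report (the offset is advanced before the range test, and the resulting error is then ignored by the caller) are a general pattern worth seeing side by side. The following is an added illustration written for this page; it is not Samba's extract_variant_addresses or any other Samba code, and the buffer type, function names and the 8-byte sample buffer are all constructed for the example. The "advance then check" reader shows how an element that ends exactly at the buffer end is flagged as out of range (offset equal to the buffer length, as in the message above), and the hardened reader checks before moving the offset, uses wrap-safe arithmetic, and has its failure propagated by the caller instead of dropped.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative buffer; hypothetical, not a Samba structure. */
struct vbuf {
    const uint8_t *data;
    size_t len;
};

/* Shape of problem 1 in the report (reconstructed illustration, not the
 * real Samba code): the offset is advanced first and only then compared
 * with the buffer length, so a 4-byte read that ends exactly at the end
 * of the buffer (new offset == len) is reported as out of range. */
static bool read_le32_advance_then_check(const struct vbuf *b, size_t *off,
                                         uint32_t *out)
{
    size_t start = *off;
    *off += 4;                    /* add the offset first ... */
    if (*off >= b->len) {         /* ... then test: rejects a legal end-of-buffer read */
        return false;
    }
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++) {
        v |= (uint32_t)b->data[start + i] << (8 * i);
    }
    *out = v;
    return true;
}

/* Hardened form: test before touching the offset. "need > len - off" cannot
 * wrap around the way "off + need" can when off is attacker-influenced. */
static bool read_le32_checked(const struct vbuf *b, size_t *off, uint32_t *out)
{
    if (*off > b->len || 4 > b->len - *off) {
        return false;
    }
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++) {
        v |= (uint32_t)b->data[*off + i] << (8 * i);
    }
    *out = v;
    *off += 4;
    return true;
}

/* Problem 2 in the report is the caller ignoring the error. This caller acts
 * on it: it reads 'count' little-endian u32 element addresses (standing in
 * for the vector's per-element addresses) and returns how many it read, or
 * -1 as soon as the buffer is too short, so parsing stops instead of
 * continuing past the end of the data. */
static int read_vector_addresses(const struct vbuf *b, size_t off,
                                 size_t count, uint32_t *out)
{
    for (size_t i = 0; i < count; i++) {
        if (!read_le32_checked(b, &off, &out[i])) {
            return -1;
        }
    }
    return (int)count;
}

/* Constructed sample: exactly two u32 addresses, 0x10 and 0x20. */
static const uint8_t sample[8] = { 0x10, 0, 0, 0, 0x20, 0, 0, 0 };

/* Last element with the buggy reader: returns 0 (spurious error). */
static int demo_buggy_last_element(void)
{
    struct vbuf b = { sample, sizeof sample };
    size_t off = 4;
    uint32_t v = 0;
    return read_le32_advance_then_check(&b, &off, &v) ? 1 : 0;
}

/* Same read with the checked reader: returns the value 0x20. */
static uint32_t demo_checked_last_element(void)
{
    struct vbuf b = { sample, sizeof sample };
    size_t off = 4;
    uint32_t v = 0;
    return read_le32_checked(&b, &off, &v) ? v : 0;
}

/* Ask for 'count' elements from the 2-element sample: 2 on success, -1 short. */
static int demo_read_count(size_t count)
{
    struct vbuf b = { sample, sizeof sample };
    uint32_t out[4] = { 0 };
    return read_vector_addresses(&b, 0, count, out);
}
```

The point of the caller is the one the report makes: a range check is only useful if its result stops the parse. Returning -1 for three requested elements is the behaviour you want against a malformed or hostile reply; silently reading on is how an out-of-range offset turns into a buffer overread.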
This bug was referenced in samba master: 01e901ef869a1a87fba0e67bce311dbeb199b717 f487211706a74d516bf447ed393222b4c0dce7b0 885850b6aaabf089f422b1b015481a0ccff4f90e
Created attachment 18256 [details] backport of master patch to 4.20
Created attachment 18257 [details] prep patches + backport of master patch to 4.20
So I was a little mistaken when opening this bug: the debug message isn't actually printed in 4.20, as the code for extract_variant_addresses was rewritten in master and the erroneous debug message is only emitted on master. However, the master patch addresses issues of potential buffer overwriting which are equally relevant with the 4.20 version of the code.

I am attaching here a backport of the master patch for the code as it appears in 4.20 (first patch in the attachment list). I am additionally attaching a backport of the patches (and supporting patches) that rewrite extract_variant_addresses, and then the actual master fix for this bug.

So, basically there are 2 choices:
a) patch the 4.20 code, which contains a different version of the master patch
b) include the extra patches to bring the function in 4.20 to be the same as in master, and also include the master patch.

My preference would be for b), but it is a bigger patch and I am totally fine with the more straightforward backport of a). Please choose whichever you are comfortable with to review.
Comment on attachment 18256 [details] backport of master patch to 4.20

Option 1: more straightforward backport (but the code is different and uglier than master).
Comment on attachment 18257 [details] prep patches + backport of master patch to 4.20

Option 2: some preparatory patches to bring the 4.20 version of extract_variant_addresses to the same as master, plus the master patch for this bug.
If you ask me, it would be option 2.
Pushed option 2 to autobuild-v4-20-test.
This bug was referenced in samba v4-20-test: 3e226dd1cd531dd070c866757e5f79492ce2b664 1ab3de6f46e61281348f9275e0ae490b53591845 253c5585c91172ebe5cca9ca59ff30a82fbf3fd3
Closing out bug report. Thanks!
This bug was referenced in samba v4-20-stable (Release samba-4.20.0rc3): 3e226dd1cd531dd070c866757e5f79492ce2b664 1ab3de6f46e61281348f9275e0ae490b53591845 253c5585c91172ebe5cca9ca59ff30a82fbf3fd3