Bug 15579 - error output with wspsearch
Summary: error output with wspsearch
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.20.0rc1
Hardware: All
OS: All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Depends on:
Reported: 2024-02-09 16:07 UTC by Noel Power
Modified: 2024-02-26 11:47 UTC (History)
CC List: 2 users

See Also:

backport of master patch to 4.20 (6.22 KB, patch)
2024-02-20 12:02 UTC, Noel Power
vl: review-
prep patches + backport of master patch to 4.20 (19.01 KB, patch)
2024-02-20 12:03 UTC, Noel Power
vl: review+

Description Noel Power 2024-02-09 16:07:22 UTC
When running a custom query that involves returning a vector result of strings, e.g. like the example below requesting the System:Kind property, we can get an error reported (although the results are returned as expected):

wspsearch -U$USER%$PASSWORD --limit 2 --query 'SELECT System.Kind WHERE System.Kind:music AND Scope:"FILE://$SERVER/$SHARE"' //$SERVER/$SHARE
custom_query 1
found 250 results, returning 1 
extract_variant_addresses: offset 16344 outside buffer range (buf len - 16344)

There are actually 2 problems here:

1. An error condition is erroneously detected (we actually add an offset prior to testing).
2. The error condition isn't acted on, so instead of processing the error it is ignored.
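An added illustration of the two points in the report (this is constructed example code, not Samba's wsp code and not the patch attached to this bug): a range check that advances the cursor before comparing rejects an element that ends exactly at the end of the buffer, while the overflow-safe form accepts it; and a parser for a hypothetical vector-of-strings layout (uint32 count, uint32 offsets, NUL-terminated strings, little-endian, all assumed here) that returns an error the caller must act on rather than logging it and continuing. The function names, the wire layout and the sample bytes are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Everything in this file is hypothetical illustration, not Samba code. */

/* Overflow-safe range check: is [offset, offset + size) inside buf_len bytes?
 * Subtracting from buf_len avoids the wrap-around that offset + size can hit. */
static bool range_in_buf(size_t buf_len, size_t offset, size_t size)
{
    return offset <= buf_len && size <= buf_len - offset;
}

/* The false-positive pattern from the report: the cursor is advanced by the
 * element size before the comparison, so an element ending exactly at the end
 * of the buffer (offset + size == buf_len) is reported as out of range. */
static bool buggy_range_check(size_t buf_len, size_t offset, size_t size)
{
    offset += size;           /* advanced before testing */
    return offset < buf_len;  /* rejects a valid last element */
}

/* Assumed little-endian wire layout standing in for a vector-of-strings
 * variant: uint32 count, count x uint32 offsets, each pointing at a
 * NUL-terminated string located in the same buffer. */
static uint32_t get_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Fills out[] with pointers into buf. Returns the number of strings, or -1 on
 * malformed input; the caller must check that, not log it and carry on. */
static int extract_string_vector(const uint8_t *buf, size_t buf_len,
                                 const char **out, size_t max_out)
{
    if (!range_in_buf(buf_len, 0, 4)) {
        return -1;
    }
    uint32_t count = get_u32(buf);
    /* Bound count before multiplying so the offset table size cannot wrap. */
    if (count > max_out || count > (buf_len - 4) / 4) {
        return -1;
    }
    for (uint32_t i = 0; i < count; i++) {
        size_t off = get_u32(buf + 4 + (size_t)i * 4);
        /* At least one byte (the NUL) must lie inside the buffer. */
        if (!range_in_buf(buf_len, off, 1)) {
            return -1;
        }
        /* The terminator must also be inside the buffer; memchr is bounded. */
        if (memchr(buf + off, '\0', buf_len - off) == NULL) {
            return -1;
        }
        out[i] = (const char *)(buf + off);
    }
    return (int)count;
}

/* Constructed sample: 24 bytes, the last string ends exactly at buf_len. */
static const uint8_t sample_buf[] = {
    2, 0, 0, 0,                 /* count = 2 */
    12, 0, 0, 0,                /* offset of string 0 */
    18, 0, 0, 0,                /* offset of string 1 */
    'm', 'u', 's', 'i', 'c', 0, /* bytes 12..17 */
    'i', 'm', 'a', 'g', 'e', 0, /* bytes 18..23 */
};

/* Wrappers so callers can check results without managing the out array. */
static int sample_count(const uint8_t *buf, size_t buf_len)
{
    const char *strs[8];
    return extract_string_vector(buf, buf_len, strs, 8);
}

static bool sample_string_is(const uint8_t *buf, size_t buf_len,
                             size_t idx, const char *expect)
{
    const char *strs[8];
    int n = extract_string_vector(buf, buf_len, strs, 8);
    return n > 0 && idx < (size_t)n && strcmp(strs[idx], expect) == 0;
}

int main(void)
{
    const char *strs[8];
    int n = extract_string_vector(sample_buf, sizeof(sample_buf), strs, 8);
    if (n < 0) {
        fprintf(stderr, "malformed vector\n");
        return 1;
    }
    for (int i = 0; i < n; i++) {
        printf("%d: %s\n", i, strs[i]);
    }
    /* Truncate by one byte: the second string loses its NUL and is rejected. */
    printf("truncated: %d\n", sample_count(sample_buf, sizeof(sample_buf) - 1));
    return 0;
}
```

The point of the two checks side by side is that `buggy_range_check(24, 18, 6)` reports the last element as outside the buffer while `range_in_buf(24, 18, 6)` accepts it; the point of the return value is that a caller which ignores -1 would hand out a pointer to an unterminated string, which is the buffer over-read the report warns about.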
Comment 1 Samba QA Contact 2024-02-17 17:59:03 UTC
This bug was referenced in samba master:

Comment 2 Noel Power 2024-02-20 12:02:20 UTC
Created attachment 18256 [details]
backport of master patch to 4.20
Comment 3 Noel Power 2024-02-20 12:03:37 UTC
Created attachment 18257 [details]
prep patches + backport of master patch to 4.20
Comment 4 Noel Power 2024-02-20 12:15:54 UTC
So I was a little mistaken when opening this bug: the debug message isn't actually printed in 4.20, as the code for extract_variant_addresses was rewritten in master and the erroneous debug message is only emitted on master.

However, the master patch addresses issues of potential buffer overwriting which are equally relevant with the 4.20 version of the code.

I am attaching here a backport of master patch for the code as it appears on 4.20 (first patch in attachment list)

I am additionally attaching a backport of the patches (and supporting patches) that rewrite extract_variant_addresses and the actual master fix then for this bug.

So, basically there are 2 choices
  a) patch the 4.20 code which contains a different version of the master patch
  b) include the extra patches to bring function in 4.20 to be the same as in master and also include the master patch.

My preference would be for b), but it is a bigger patch and I am totally fine with the more straightforward backport of a); please choose whichever you are comfortable with to review.
Comment 5 Noel Power 2024-02-20 12:16:46 UTC
Comment on attachment 18256 [details]
backport of master patch to 4.20

Option 1: more straightforward backport (but the code is different and uglier than master)
Comment 6 Noel Power 2024-02-20 12:18:02 UTC
Comment on attachment 18257 [details]
prep patches + backport of master patch to 4.20

Option 2: some preparatory patches to bring the 4.20 version of extract_variant_addresses to the same as master + the master patch for this bug
Comment 7 Volker Lendecke 2024-02-20 13:33:18 UTC
If you ask me, it would be option 2.
Comment 8 Jule Anger 2024-02-26 08:54:59 UTC
Pushed option 2 to autobuild-v4-20-test.
Comment 9 Samba QA Contact 2024-02-26 10:38:13 UTC
This bug was referenced in samba v4-20-test:

Comment 10 Jule Anger 2024-02-26 11:31:56 UTC
Closing out bug report.

Comment 11 Samba QA Contact 2024-02-26 11:47:18 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.0rc3):