The Samba-Bugzilla – Bug 1784
crash: x_fclose() calls free() on static variable when setup_logging() misused
Last modified: 2005-08-24 10:18:12 UTC
Some of the lesser utilities (smbcacls, smbcquotas, smbtree, maybe more) first
set the global dbf to x_stderr, which is a pointer to a static XFILE, and then
call setup_logging(). setup_logging(), seeing that dbf is not NULL, x_fclose()s
it; x_fclose(), assuming its argument was dynamically allocated, free()s it.
Under glibc, this causes an immediate segfault; other C libraries may notice
this condition and fail in a more controlled manner (NetBSD's, for instance,
prints a warning message and returns an error).
How to reproduce: run smbcacls; arguments don't matter.
Suggested fix: change the utilities in question to first call setup_logging()
and then set dbf.
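The call-order problem described in the report, reduced to a small model. This is an added example, not Samba's code: the `XFILE` layout, the `heap` flag and the `*_model` functions are assumptions, and the invalid `free()` is counted rather than executed so the program does not crash.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-in for Samba's XFILE; fields are assumptions for this model. */
typedef struct { int fd; int heap; } XFILE;
static XFILE x_stderr_obj = { 2, 0 };   /* static storage, never malloc()ed */
#define x_stderr (&x_stderr_obj)
static XFILE *dbf;          /* global debug file pointer, as in the report */
static int bad_frees;       /* free() calls that would have hit static storage */

static XFILE *x_open_model(int fd) {
    XFILE *f = malloc(sizeof *f);
    if (f) { f->fd = fd; f->heap = 1; }
    return f;
}

/* Models x_fclose(): the reported code free()s blindly; here a bad free is counted. */
static void x_fclose_model(XFILE *f) {
    if (!f) return;
    if (!f->heap) { bad_frees++; return; }
    free(f);
}

/* Models setup_logging(): closes any existing dbf before installing a new one. */
static void setup_logging_model(void) {
    if (dbf) x_fclose_model(dbf);
    dbf = x_open_model(3);
}

/* Order used by the affected utilities: dbf first, then setup_logging(). */
int run_buggy_order(void) {
    dbf = NULL; bad_frees = 0;
    dbf = x_stderr;
    setup_logging_model();          /* closes the static x_stderr */
    int n = bad_frees;
    x_fclose_model(dbf); dbf = NULL;
    return n;
}

/* Suggested fix: setup_logging() first, then point dbf at x_stderr. */
int run_fixed_order(void) {
    dbf = NULL; bad_frees = 0;
    setup_logging_model();          /* dbf was NULL, nothing to close */
    x_fclose_model(dbf);            /* model only: release the heap XFILE */
    dbf = x_stderr;
    return bad_frees;
}
int main(void) {
    printf("buggy=%d fixed=%d\n", run_buggy_order(), run_fixed_order());
    return 0;
}
```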
Created attachment 689
Reorders `setup_logging' and `dbf = lines'
I was going to report this bug but was clearly beaten to it.
This is a patch made for our local Samba installation which fixes
smbcacls, smbcquota and smbtree, which would fail with a segmentation
fault every time before these changes were applied.
Please retest against 3.0.11 and reopen if necessary. Also reset
the version if you reopen the bug report. Thanks.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.