Bug 1784 - crash: x_fclose() calls free() on static variable when setup_logging() misused
Summary: crash: x_fclose() calls free() on static variable when setup_logging() misused
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 3.0.7
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-09-16 16:46 UTC by Jed Davis
Modified: 2005-08-24 10:18 UTC (History)
0 users

See Also:

Reorders `setup_logging' and `dbf = lines' (973 bytes, patch)
2004-09-30 13:47 UTC, Jason Lander
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jed Davis 2004-09-16 16:46:14 UTC
Some of the lesser utilities (smbcacls, smbcquotas, smbtree, maybe more) first
set the global dbf to x_stderr, which is a pointer to a static XFILE, and then
call setup_logging().  setup_logging(), seeing that dbf is not NULL, x_fclose()s
it; x_fclose(), assuming its argument was dynamically allocated, free()s it.

Under glibc, this causes an immediate segfault; other C libraries may notice
this condition and fail in a more controlled manner (NetBSD's, for instance,
prints a warning message and returns an error).

How to reproduce: run smbcacls; arguments don't matter.

Suggested fix: change the utilities in question to first call setup_logging()
and then set dbf.
Comment 1 Jason Lander 2004-09-30 13:47:30 UTC
Created attachment 689 [details]
Reorders `setup_logging' and `dbf = lines'

I was going to report this bug but was clearly beaten to it.

This is a patch made for our local Samba installation which fixes
the problem.

smbcacls, smbcquota and smbtree will fail with a segmentation
fault every time before these changes were applied.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-05 07:57:47 UTC
please retest against 3.0.11 and reopen if necessary.  Also reset 
the version if you reopen the bug report.  Thanks.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:18:12 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.