I could trace that problem to printing/nt_printing.c: line 345: int32 sd_size, size_new_sec; and things work if I replace it with: size_t sd_size, size_new_sec; because &size_new_sec is passed to make_sec_desc, which needs a size_t* argument, and size_t is uint64 on amd64, so the 64-bit write through that pointer overflows the 32-bit variable. Reading the compilation warnings, I see that the same and analogous problems arise elsewhere.
I've been working on fixing this last week (successfully tested on sles9 sp1 x86_64 and 9.3 x86_64). The fix is already in subversion: http://build.samba.org/?function=text_diff;tree=samba_3_0;date=1126472001;author=gd;revision=10154 Please reopen if it is still an issue for you.
I am running Linux kernel 2.6.15, glibc 2.4, samba (latest from CVS), tried various gcc flavors currently gcc 4.1.1. and I get this same bug on either nmbd or smbd. Samba 4 does not have this bug, but I do not want to convert to it at the moment. The machine is dual athlon-mp with 1GB Ram. root@pc1lin:/root# gdb /usr/sbin/smbd GNU gdb 6.4.50.20060311-cvs Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/sbin/smbd Program received signal SIGABRT, Aborted. 0xffffe410 in __kernel_vsyscall () (gdb) list 726 {"daemon", 'D', POPT_ARG_VAL, &is_daemon, True, "Become a daemon (default)" }, 727 {"interactive", 'i', POPT_ARG_VAL, &interactive, True, "Run inte ractive (not a daemon)"}, 728 {"foreground", 'F', POPT_ARG_VAL, &Fork, False, "Run daemon in f oreground (for daemontools & etc)" }, 729 {"no-process-group", 0, POPT_ARG_VAL, &no_process_group, True, " Don't create a new process group" }, 730 {"log-stdout", 'S', POPT_ARG_VAL, &log_stdout, True, "Log to std out" }, 731 {"build-options", 'b', POPT_ARG_NONE, NULL, 'b', "Print build op tions" }, 732 {"port", 'p', POPT_ARG_STRING, &ports, 0, "Listen on the specifi ed ports"}, 733 POPT_COMMON_SAMBA 734 { NULL } 735 }; (gdb) where #0 0xffffe410 in __kernel_vsyscall () #1 0xb7cb576a in ?? () #2 0xb7da9ff4 in ?? () #3 0xbfb5b144 in ?? () #4 0xb78628c0 in ?? () #5 0xbfb5b1d0 in ?? () #6 0xb7cb7060 in ?? () #7 0x00000006 in ?? () #8 0xbfb5b144 in ?? () #9 0x00000000 in ?? 
() (gdb) Part of strace: open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=54543, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0 xb7e96000 read(4, "# GNU libc iconv configuration.\n"..., 4096) = 4096 read(4, "as\tJS//\t\t\tJUS_I.B1.002//\nalias\tY"..., 4096) = 4096 read(4, "e\tINTERNAL\t\tISO-8859-3//\t\tISO885"..., 4096) = 4096 read(4, "as\tISO-IR-199//\t\tISO-8859-14//\na"..., 4096) = 4096 read(4, "to\t\t\tmodule\t\tcost\nalias\tCSEBCDIC"..., 4096) = 4096 read(4, "e\t\tcost\nalias\tCP284//\t\t\tIBM284//"..., 4096) = 4096 read(4, "as\tCP864//\t\t\tIBM864//\nalias\t864/"..., 4096) = 4096 read(4, "dule\tIBM937//\t\tINTERNAL\t\tIBM937\t"..., 4096) = 4096 read(4, "UC-JP//\nalias\tUJIS//\t\t\tEUC-JP//\n"..., 4096) = 4096 read(4, "dule\t\tcost\nalias\tISO-IR-143//\t\tI"..., 4096) = 4096 read(4, "OX//\nmodule\tISO_10367-BOX//\t\tINT"..., 4096) = 4096 read(4, "dule\tINTERNAL\t\tEUC-JISX0213//\t\tE"..., 4096) = 4096 read(4, "odule\tIBM1130//\t\tINTERNAL\t\tIBM11"..., 4096) = 4096 read(4, "804//\t\tIBM16804//\nalias\tCP16804/"..., 4096) = 1295 read(4, "", 4096) = 0 close(4) = 0 munmap(0xb7e96000, 4096) = 0 futex(0xb7e09a4c, FUTEX_WAKE, 2147483647) = 0 open("/usr/lib/gconv/UTF-16.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\5\0\000"..., 512) = 51 2 fstat64(4, {st_mode=S_IFREG|0755, st_size=30517, ...}) = 0 old_mmap(NULL, 12328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x b7e93000 old_mmap(0xb7e95000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYW RITE, 4, 0x1000) = 0xb7e95000 close(4) = 0 mprotect(0xb7e95000, 4096, PROT_READ) = 0 brk(0x803a3000) = 0x803a3000 brk(0x8039b000) = 0x8039b000 open("/usr/lib/gconv/IBM850.so", O_RDONLY) = 4 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\4\0"..., 512) = 512 fstat64(4, {st_mode=S_IFREG|0755, st_size=22335, ...}) = 0 old_mmap(NULL, 12316, PROT_READ|PROT_EXEC, 
MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x b789d000 old_mmap(0xb789f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYW RITE, 4, 0x1000) = 0xb789f000 close(4) = 0 mprotect(0xb789f000, 4096, PROT_READ) = 0 write(2, "smbd: gconv_db.c:232: __gconv_re"..., 95) = 95 rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 tgkill(30320, 30320, SIGABRT) = 0 --- SIGABRT (Aborted) @ 0 (0) --- time(NULL) = 1143387808 geteuid32() = 0 write(5, "[2006/03/26 10:43:28, 0] lib/fau"..., 54) = 54 geteuid32() = 0 write(5, " =============================="..., 66) = 66 time(NULL) = 1143387808 geteuid32() = 0 write(5, "[2006/03/26 10:43:28, 0] lib/fau"..., 54) = 54 geteuid32() = 0 write(5, " INTERNAL ERROR: Signal 6 in pi"..., 69) = 69 geteuid32() = 0 write(5, " Please read the Trouble-Shooti"..., 63) = 63 time(NULL) = 1143387808 geteuid32() = 0 write(5, "[2006/03/26 10:43:28, 0] lib/fau"..., 54) = 54 geteuid32() = 0 write(5, " \n", 3) = 3 geteuid32() = 0 write(5, " From: http://www.samba.org/sam"..., 57) = 57 time(NULL) = 1143387808 geteuid32() = 0 write(5, "[2006/03/26 10:43:28, 0] lib/fau"..., 54) = 54 geteuid32() = 0 write(5, " =============================="..., 66) = 66 time(NULL) = 1143387808 geteuid32() = 0 write(5, "[2006/03/26 10:43:28, 0] lib/uti"..., 53) = 53 geteuid32() = 0 .....
I have the same problem as Fred. He also reported it in email: http://lists.samba.org/archive/samba/2006-March/118937.html I'm using glibc 2.4, gcc 4.1.0. Samba version is 3.0.22.
There are two different bugs here. The original one was fixed. The second appears more like BUG 3655
(In reply to comment #4) > There are two diferent bugs here. The original one was fixed. > The second appears more ilke BUG 3655 As both of these reports have been closed without a fix, I've opened #3678
I still get this bug on AMD64 machine with Gentoo. Samba version: 3.0.23a. glibc version: 2.4-r3