Bug 5686 - libsmbclient segfaults with more than one SMBCCTX
Product: Samba 3.2
Classification: Unclassified
Component: libsmbclient
Hardware: Other Linux
Importance: P3 normal
Assigned To: Jeremy Allison
QA Contact: Samba QA Contact
Reported: 2008-08-12 11:13 UTC by Tim Waugh
Modified: 2008-08-14 17:26 UTC (History)

Patch (6.37 KB, patch)
2008-08-12 15:32 UTC, Jeremy Allison

Description Tim Waugh 2008-08-12 11:13:16 UTC
This commit:

commit 7cd553356e3fe10bf4caac23d525df235ad9efce
Author: Andreas Schneider <anschneider@suse.de>
Date:   Tue Jul 15 14:57:32 2008 +0200

    Release still reachable memory if the smbclient context is freed.

    Signed-off-by: Andreas Schneider <anschneider@suse.de>
    (cherry picked from commit 88c9cf2fdc8f3d704f7f27c25ef6dc6940d451d3)

seems to be incorrect.  It assumes that only one smbclient context is in use at a time, and frees global resources.

A test case showing the problem can be found here:

It creates and frees two smbclient contexts.  Creating the second context causes a segmentation fault.
Comment 1 Jeremy Allison 2008-08-12 12:03:43 UTC
Got it - thanks. I'll add a refcount here.
Comment 2 Jeremy Allison 2008-08-12 15:32:24 UTC
Created attachment 3467

Here is a patch to allow many subsystems to be re-initialized. The only functional change I made was to remove the null context tracking, as the memory allocated here is designed to be left for the complete lifetime of the program. Freeing this early (when all smb contexts are destroyed) could crash other users of talloc.
Comment 3 Derrell Lipman 2008-08-12 15:48:39 UTC
Thanks, Jeremy.
Comment 4 Jeremy Allison 2008-08-14 17:26:27 UTC
Fixed for 3.2.2.
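
Added illustration, not Samba's code and not the contents of attachment 3467: the C example below shows the general pattern this report turns on, where process-wide state is reference-counted so that freeing one context cannot pull it out from under another, and is re-initialized if a context is created after a full teardown. All names (`ctx_new`, `ctx_free`, `g_shared`, `g_refs`) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical process-wide state shared by all contexts: a stand-in for
 * the global resources the report says were freed with the first context. */
static char *g_shared;
static int g_refs;              /* live contexts; not thread-safe as written */
struct ctx { int id; };

/* First user initialises; also re-initialises after a full teardown. */
static int shared_acquire(void)
{
    static const char init[] = "global-config";   /* constructed sample value */
    if (g_refs == 0) {
        g_shared = malloc(sizeof(init));
        if (g_shared == NULL) return -1;
        memcpy(g_shared, init, sizeof(init));
    }
    g_refs++;
    return 0;
}

/* Only the last user frees; the pointer is cleared so a later acquire
 * starts from a known state instead of a dangling pointer. */
static void shared_release(void)
{
    if (g_refs > 0 && --g_refs == 0) {
        free(g_shared);
        g_shared = NULL;
    }
}

struct ctx *ctx_new(int id)
{
    struct ctx *c = malloc(sizeof(*c));
    if (c == NULL) return NULL;
    if (shared_acquire() != 0) { free(c); return NULL; }
    c->id = id;
    return c;
}

void ctx_free(struct ctx *c)
{
    if (c == NULL) return;
    free(c);
    shared_release();
}

const char *ctx_shared(void) { return g_shared; }
int shared_refs(void) { return g_refs; }
```

Running a create/free/create sequence like the one in the report under AddressSanitizer or Valgrind is a quick way to confirm that no context touches freed global state.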