Bug 5891 - smbd crashed when viewing the eventlog exported by "eventlog list"
smbd crashed when viewing the eventlog exported by "eventlog list"
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: File services
3.2.4
x86 Windows XP
: P3 normal
: ---
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-11 09:52 UTC by TAKAHASHI Motonobu
Modified: 2009-08-20 10:58 UTC (History)
1 user (show)

See Also:


Attachments
level 10 log (82.01 KB, text/plain)
2008-11-11 09:52 UTC, TAKAHASHI Motonobu
no flags Details
Patch for 3.2.x (535 bytes, patch)
2008-11-11 16:36 UTC, Jeremy Allison
no flags Details
level 10 log #2 (78.38 KB, text/plain)
2008-11-13 15:52 UTC, TAKAHASHI Motonobu
no flags Details
valgrind log (7.23 KB, application/gzip)
2008-11-14 04:58 UTC, TAKAHASHI Motonobu
no flags Details
Cleanup (3.89 KB, patch)
2008-11-19 18:36 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description TAKAHASHI Motonobu 2008-11-11 09:52:03 UTC
smbd crashed when viewing the eventlog exported by "eventlog list".

(1) set smb.conf like as:
-----
[global]
  ...
  eventlog list = Samba

[C$]
  path = /tmp
-----

(2) run "eventlogadm" 

cat list1 | eventlogadm -o write Samba

The content of list1 is :
-----
                LEN: 0
                RS1: 1699505740
                RCN: 0
                TMG: 1128631322
                TMW: 1128631322
                EID: 1000
                ETP: INFO
                ECT: 0
                RS2: 0
                CRN: 0
                USL: 0
                SRC: cron
                SRN: dmlinux
                STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
                DAT:
-----

(3) 

(4) Viewing the "Samba" eventlog with "Computer Management"

(5) smbd crashed.
Comment 1 TAKAHASHI Motonobu 2008-11-11 09:52:48 UTC
Created attachment 3724 [details]
level 10 log
Comment 2 Jeremy Allison 2008-11-11 16:36:54 UTC
Created attachment 3726 [details]
Patch for 3.2.x

Don't mix talloc and free(). Thanks !
Jeremy.
Comment 3 Jeremy Allison 2008-11-11 16:39:58 UTC
Fixed in all git branches. Thanks !
Jeremy.
Comment 4 TAKAHASHI Motonobu 2008-11-13 15:52:18 UTC
Created attachment 3734 [details]
level 10 log #2

I applied this patch, re-compiled Samba and found this bug still existed.
Comment 5 TAKAHASHI Motonobu 2008-11-13 15:53:33 UTC
Re-open this bug as #4
Comment 6 Jeremy Allison 2008-11-13 15:59:47 UTC
Can you get me a decent backtrace or valgrind log then please ? I was able to reproduce the crash easily, and fix it with the patch in attachment :

https://bugzilla.samba.org/attachment.cgi?id=3726

so I'm puzzled as to why you're still seeing a crash (it was a fairly obvious mixing up of MALLOC & TALLOC).

Jeremy.
Comment 7 TAKAHASHI Motonobu 2008-11-14 04:58:56 UTC
Created attachment 3735 [details]
valgrind log

valgrind log 

# valgrind --leak-check=full ./smbd -i

Sorry, I am newvie for valgrind, so please tell me what option is proper.
Or if you could, I can offer my test environment (VMware image 1.5GB).
Comment 8 Guenther Deschner 2008-11-19 17:51:25 UTC
yep, reproduced here.
Comment 9 Guenther Deschner 2008-11-19 17:52:09 UTC
Meaning, it is still an issue here as well. I didn't had a chance to figure out why we crash though.
Comment 10 Jeremy Allison 2008-11-19 18:36:15 UTC
Created attachment 3752 [details]
Cleanup

This is *horrid* code that badly mixes int and uint32(_t). Here is a small cleanup (don't think it will fix the bug but needs doing).
Jeremy.
Comment 11 Guenther Deschner 2008-11-20 10:20:50 UTC
Absolutely true Jeremy, eventlog really needs a lot of cleanup.

I was talking with Michael about this (after identifying the problematic function) and he fixed this. So, for me this bug is resolved with the latest fix (pushed to all git trees). master commit is here: 
http://git.samba.org/?p=samba.git;a=commitdiff;h=172628dca2b8553b8b7273a645393d5c96daa67e

Can you verify ?
Comment 12 Guenther Deschner 2009-04-15 11:44:35 UTC
The upcoming Samba 3.4 release (v3-4-test branch) has a reworked eventlog service. Any chance you can try that?
Comment 13 Guenther Deschner 2009-08-06 09:40:28 UTC
Ok, eventlog rewrite will not be ported back to 3.2. 

Closing as fixed in 3.4.
Comment 14 TAKAHASHI Motonobu 2009-08-20 10:58:36 UTC
I examined and this works well at Samba 3.4.
BTW, These 3 fields

-----
     LEN: 0
     RS1: 1699505740
     RCN: 0
-----

are needed by eventlogadm?

The manual page says yes, but as far as I examined not, and the parselog.pl also does not create these fields.