6037 – Segmentation fault in librpc when using libmapi

Bug 6037 - Segmentation fault in librpc when using libmapi

Summary: Segmentation fault in librpc when using libmapi

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	x86 Linux

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Andrew Bartlett

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-01-15 07:56 UTC by Arvids
Modified:	2009-01-19 02:02 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvids 2009-01-15 07:56:04 UTC

Hello,

I have compiled latest samba4 from git.
When I try to make MAPI profile, I get segmentation fault.
Here are the details:

(gdb) file mapiprofile
Reading symbols from /home/arvids/samba4/bin/mapiprofile...done.
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) set args --database=/home/arvids/.evolution/mapi-profiles.ldb --profile='testprofile' --username=anyuser --password=anypwd --domain=anydomain -I 192.168.1.227 --create
(gdb) run
Starting program: /home/arvids/samba4/bin/mapiprofile --database=/home/arvids/.evolution/mapi-profiles.ldb --profile='testprofile' --username=anyuser --password=anypwd --domain=anydomain -I 192.168.1.227 --create

Program received signal SIGSEGV, Segmentation fault.
0x0117eec7 in get_conv_handle (ic=0x0, from=CH_DOS, to=CH_UNIX) at ../lib/util/charset/charcnv.c:130
130             if (ic->conv_handles[from][to]) {
(gdb) bt
#0  0x0117eec7 in get_conv_handle (ic=0x0, from=CH_DOS, to=CH_UNIX) at ../lib/util/charset/charcnv.c:130
#1  0x0117f5b0 in convert_string_talloc_convenience (ctx=0x8354168, ic=0x0, from=CH_DOS, to=CH_UNIX, src=0x8354182, srclen=4, dest=0xbfdbe278)
    at ../lib/util/charset/charcnv.c:317
#2  0x0105bae4 in ndr_pull_charset (ndr=0x8353d00, ndr_flags=1, var=0xbfdbe278, length=4, byte_mul=1 '\001', chset=CH_DOS) at librpc/ndr/ndr_string.c:648
#3  0x00d8e9ec in ndr_pull_dcerpc_bind_ack (ndr=0x8353d00, ndr_flags=1, r=0xbfdbe26c) at librpc/gen_ndr/ndr_dcerpc.c:404
#4  0x00d92735 in ndr_pull_dcerpc_payload (ndr=0x8353d00, ndr_flags=1, r=0xbfdbe26c) at librpc/gen_ndr/ndr_dcerpc.c:1488
#5  0x00d93111 in ndr_pull_ncacn_packet (ndr=0x8353d00, ndr_flags=3, r=0xbfdbe254) at librpc/gen_ndr/ndr_dcerpc.c:1718
#6  0x00d6d891 in ncacn_pull (c=0x83551f0, blob=0xbfdbe2d8, mem_ctx=0x8354168, pkt=0xbfdbe254) at librpc/rpc/dcerpc.c:203
#7  0x00d6e498 in dcerpc_recv_data (conn=0x83551f0, blob=0xbfdbe2d8, status={v = 0}) at librpc/rpc/dcerpc.c:581
#8  0x00d76d23 in sock_process_recv (private=0x83551f0, blob={data = 0x8354168 "\005", length = 60}) at librpc/rpc/dcerpc_sock.c:122
#9  0x00e61655 in packet_recv (pc=0x8354250) at lib/stream/packet.c:378
#10 0x00d76daf in sock_io_handler (ev=0x8354e20, fde=0x83541e8, flags=1, private=0x83551f0) at librpc/rpc/dcerpc_sock.c:146
#11 0x011925c0 in epoll_event_loop () from /home/arvids/samba4/lib/libdcerpc.so.0
#12 0x01192c19 in std_event_loop_once () from /home/arvids/samba4/lib/libdcerpc.so.0
#13 0x01191b36 in tevent_loop_once () from /home/arvids/samba4/lib/libdcerpc.so.0
#14 0x00eac99f in composite_wait (c=0x8354e78) at libcli/composite/composite.c:64
#15 0x00d79b7e in dcerpc_pipe_connect_recv (c=0x8354e78, mem_ctx=0x83523a8, pp=0xbfdbe5c8) at librpc/rpc/dcerpc_connect.c:919
#16 0x00d79c4c in dcerpc_pipe_connect (parent_ctx=0x83523a8, pp=0xbfdbe5c8, binding=0x83529d0 "ncacn_ip_tcp:192.168.1.227[]", table=0x5d2d20,
    credentials=0x8354d28, ev=0x8354e20, lp_ctx=0x8341638) at librpc/rpc/dcerpc_connect.c:944
#17 0x005087af in provider_rpc_connection (parent_ctx=0x83523a8, p=0xbfdbe5c8, binding=0x83529d0 "ncacn_ip_tcp:192.168.1.227[]", credentials=0x8354d28,
    table=0x5d2d20, lp_ctx=0x8341638) at libmapi/IMSProvider.c:58
#18 0x00508ab4 in RfrGetNewDSA (session=0x83523a8, server=0x83470d8 "192.168.1.227", userDN=0x0) at libmapi/IMSProvider.c:102
#19 0x00508bec in Logon (session=0x83523a8, provider=0x83531b0, provider_id=PROVIDER_ID_NSPI) at libmapi/IMSProvider.c:202
#20 0x0050b5bf in MapiLogonProvider (session=0xbfdbeb08, profname=0x8341370 "testprofile", password=0x83413d0 "anypwd", provider=PROVIDER_ID_NSPI)
    at libmapi/cdo_mapi.c:177
#21 0x0804999e in main (argc=Cannot access memory at address 0x1
) at utils/mapiprofile.c:167
(gdb)

Regards, Arvids

Comment 1 Matthias Dieter Wallnöfer 2009-01-18 12:43:33 UTC

Are you sure that the bug is in our competence and not related to the OpenChange project? I personally believe that it's a problem in libmapi itself and therefore invite you to contact the OpenChange bug management system.
If it gets confirmed there as bug, we close this issue here.

Comment 2 Arvids 2009-01-18 12:54:37 UTC

no, I am not sure. OK, I will report this bug to OpenChange project and post the results here.

Comment 3 Arvids 2009-01-19 02:02:40 UTC

the bug is already fixed in latest OpenChange version.