Bug 7053 - crash on Double free
Summary: crash on Double free
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: Other Linux
: P1 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
URL:
Keywords:
Depends on:
Blocks: 6600
  Show dependency treegraph
 
Reported: 2010-01-21 10:19 UTC by Matthieu Patou
Modified: 2010-02-13 06:19 UTC (History)
2 users (show)

See Also:

Attachments
Trace (24.05 KB, application/octet-stream)
2010-01-21 10:19 UTC, Matthieu Patou 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Patou 2010-01-21 10:19:36 UTC 
On Samba alpha10, we face a crash in some conditions.

See trace of the crash
Comment 1 Matthieu Patou 2010-01-21 10:19:51 UTC 
Created attachment 5214 [details]
Trace
Comment 2 Matthias Dieter Wallnöfer 2010-01-31 03:58:30 UTC 
This has higher fixing priority.
Comment 3 Matthias Dieter Wallnöfer 2010-02-12 04:28:21 UTC 
Crash bugs are blockers
Comment 4 Matthias Dieter Wallnöfer 2010-02-12 12:29:24 UTC 
Ekacnet, I tried hard to find the cause of the problem but didn't succed. Obviously, the cause is a "talloc_reference" call on a freed "iconv_convenience" object. To discover where this happened you should provide also the stdout and stderr output shortly before the stacktrace. There should be printed a message like "talloc: double free error - first free may be at ...".
Without this second code pointer we don't come any further.
Comment 5 Matthias Dieter Wallnöfer 2010-02-13 06:19:30 UTC 
Should be fixed by tridge in f69135e0e985200d62d4618b742bd642ecfdbf31.