Bug 7053 - crash on Double free
Summary: crash on Double free
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: Other Linux
: P1 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
URL:
Keywords:
Depends on:
Blocks: 6600
  Show dependency treegraph
 
Reported: 2010-01-21 10:19 UTC by Matthieu Patou
Modified: 2010-02-13 06:19 UTC (History)
2 users (show)

See Also:


Attachments
Trace (24.05 KB, application/octet-stream)
2010-01-21 10:19 UTC, Matthieu Patou
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Patou 2010-01-21 10:19:36 UTC
On Samba alpha10, we face a crash in some conditions.

See trace of the crash
Comment 1 Matthieu Patou 2010-01-21 10:19:51 UTC
Created attachment 5214 [details]
Trace
Comment 2 Matthias Dieter Wallnöfer 2010-01-31 03:58:30 UTC
This has higher fixing priority.
Comment 3 Matthias Dieter Wallnöfer 2010-02-12 04:28:21 UTC
Crash bugs are blockers
Comment 4 Matthias Dieter Wallnöfer 2010-02-12 12:29:24 UTC
Ekacnet, I tried hard to find the cause of the problem but didn't succed. Obviously, the cause is a "talloc_reference" call on a freed "iconv_convenience" object. To discover where this happened you should provide also the stdout and stderr output shortly before the stacktrace. There should be printed a message like "talloc: double free error - first free may be at ...".
Without this second code pointer we don't come any further.
Comment 5 Matthias Dieter Wallnöfer 2010-02-13 06:19:30 UTC
Should be fixed by tridge in f69135e0e985200d62d4618b742bd642ecfdbf31.