Bug 8433 - iconv.c redundant traversal of a linked list => segfault
iconv.c redundant traversal of a linked list => segfault
Status: RESOLVED FIXED
Product: Samba 3.6
Classification: Unclassified
Component: i18n
3.6.0
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks: 8399
  Show dependency treegraph
 
Reported: 2011-09-01 14:42 UTC by u-smbb-3fxd
Modified: 2011-09-01 21:27 UTC (History)
0 users

See Also:


Attachments
Patch (646 bytes, patch)
2011-09-01 14:57 UTC, Volker Lendecke
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description u-smbb-3fxd 2011-09-01 14:42:39 UTC
In the samba internal minimal iconv implementation:

At line 100 in

http://gitweb.samba.org/?p=samba.git;a=blob;f=lib/util/charset/iconv.c;h=64e345a7c16cfd5d2a28f8d9ce8b14a66cdbea55;hb=HEAD

there is an extra indirection step "c = c->next;" which is wrong (present at the end of the for loop too) and causes a null pointer dereference.

Commenting out this line makes the samba suite functional.

Regards,
Rune L
Comment 1 Volker Lendecke 2011-09-01 14:57:51 UTC
Created attachment 6849 [details]
Patch

Ooops... :-)

Thanks!

Attached patch is on its way to master.

Volker
Comment 2 Jeremy Allison 2011-09-01 16:18:00 UTC
Comment on attachment 6849 [details]
Patch

Great catch ! Obvious fix :-).
Comment 3 Jeremy Allison 2011-09-01 16:18:21 UTC
Re-assigning to Karolin for inclusion in 3.6.1.
Jeremy.
Comment 4 Karolin Seeger 2011-09-01 19:10:54 UTC
Pushed to v3-6-test.
Closing out bug report.

Thanks!