Bug 9083 - "Invalid write of size 1"
Summary: "Invalid write of size 1"
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: IA64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-07 15:59 UTC by Thomas Hood
Modified: 2012-08-08 09:07 UTC (History)
0 users

See Also:


Attachments
Patch from master for this issue (1.16 KB, patch)
2012-08-07 22:01 UTC, Andrew Bartlett
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Hood 2012-08-07 15:59:01 UTC
Output from "valgrind samba -D" with 4.0.0~beta2+dfsg1-2 packages on Ubuntu 12.04.

 ==2095== Invalid write of size 1
==2095==    at 0xAAA652B: asn1_read_BitString (in /usr/lib/x86_64-linux-gnu/samba/libasn1util.so)
==2095==    by 0x5AEC500: spnego_read_data (in /usr/lib/x86_64-linux-gnu/samba/libcliauth.so)
==2095==    by 0x6985CAA: ??? (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1)
==2095==    by 0x6986BEF: ??? (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1)
==2095==    by 0x69870A6: gensec_update (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1)
==2095==    by 0x12DC46E1: ldapsrv_BindRequest (in /usr/lib/x86_64-linux-gnu/samba/service/ldap.so)
==2095==    by 0x12DC2F78: ldapsrv_do_call (in /usr/lib/x86_64-linux-gnu/samba/service/ldap.so)
==2095==    by 0x12DC04C6: ??? (in /usr/lib/x86_64-linux-gnu/samba/service/ldap.so)
==2095==    by 0x8AEF161: tevent_common_loop_immediate (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.16)
==2095==    by 0x8AF16AF: ??? (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.16)
==2095==    by 0x8AEE8DF: _tevent_loop_once (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.16)
==2095==    by 0x8AEEA6A: tevent_common_loop_wait (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.16)
==2095==  Address 0x22bdfca2 is 0 bytes after a block of size 82 alloc'd
==2095==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2095==    by 0x86D9837: _talloc_array (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.0.7)
==2095==    by 0x505EB8A: data_blob_talloc_named (in /usr/lib/x86_64-linux-gnu/libsamba-util.so.0.0.1)
==2095==    by 0xAAA64A8: asn1_read_BitString (in /usr/lib/x86_64-linux-gnu/samba/libasn1util.so)
==2095==    by 0x5AEC500: spnego_read_data (in /usr/lib/x86_64-linux-gnu/samba/libcliauth.so)
==2095==    by 0x6985CAA: ??? (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1)
==2095==    by 0x6986BEF: ??? (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1)
==2095==    by 0x69870A6: gensec_update (in /usr/lib/x86_64-linux-gnu/libgensec.so.0.0.1)
==2095==    by 0x12DC46E1: ldapsrv_BindRequest (in /usr/lib/x86_64-linux-gnu/samba/service/ldap.so)
==2095==    by 0x12DC2F78: ldapsrv_do_call (in /usr/lib/x86_64-linux-gnu/samba/service/ldap.so)
==2095==    by 0x12DC04C6: ??? (in /usr/lib/x86_64-linux-gnu/samba/service/ldap.so)
==2095==    by 0x8AEF161: tevent_common_loop_immediate (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.16)
Comment 1 Andrew Bartlett 2012-08-07 22:01:07 UTC
Created attachment 7745 [details]
Patch from master for this issue

I'm sorry, I'm not sure what your purpose is in filing this bug, as I have already fixed the issue based on our private mails, and the Samba Team does not control what Debian ships.

If you want to re-file the issue with Debian for them to patch, the attached patch is what is in master.