From: Andreas Schneider <asn@samba.org>
Date: Thu, 1 Dec 2022 09:32:00 +0000 (+0100)
Subject: s4:torture: Fix stack variable used out of scope in test_devmode_set_level()
X-Git-Tag: talloc-2.4.0~197
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0dc5f807690baae002f5c35c920663cc6c3617e0;p=thirdparty%2Fsamba.git

s4:torture: Fix stack variable used out of scope in test_devmode_set_level()

==12122==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fff494dd900 at pc 0x7fdaebea71e3 bp 0x7fff494dd430 sp 0x7fff494dd428
READ of size 4 at 0x7fff494dd900 thread T0
    #0 0x7fdaebea71e2 in ndr_push_spoolss_SetPrinterInfo8 librpc/gen_ndr/ndr_spoolss.c:8618
    #1 0x7fdaebea71e2 in ndr_push_spoolss_SetPrinterInfo librpc/gen_ndr/ndr_spoolss.c:8796
    #2 0x7fdaebea7482 in ndr_push_spoolss_SetPrinterInfoCtr librpc/gen_ndr/ndr_spoolss.c:9163
    #3 0x7fdaebea7580 in ndr_push_spoolss_SetPrinter librpc/gen_ndr/ndr_spoolss.c:27000
    #4 0x7fdaee3e1b30 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
    #5 0x7fdaee3e2132 in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
    #6 0x7fdaecb103fd in dcerpc_spoolss_SetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1722
    #7 0x559a7294c2f1 in test_SetPrinter ../../source4/torture/rpc/spoolss.c:1293
    #8 0x559a7297b4d4 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2126
    #9 0x559a7299cfa1 in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2344
    #10 0x559a7299cfa1 in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2489
    #11 0x559a7299cfa1 in test_printer_dm ../../source4/torture/rpc/spoolss.c:9083
    #12 0x7fdaeda9867d in wrap_test_with_simple_test ../../lib/torture/torture.c:808
    #13 0x7fdaeda9a40b in internal_torture_run_test ../../lib/torture/torture.c:516
    #14 0x7fdaeda9a87c in torture_run_tcase_restricted ../../lib/torture/torture.c:581
    #15 0x7fdaeda9aeb2 in torture_run_suite_restricted ../../lib/torture/torture.c:435
    #16 0x559a72b51668 in run_matching ../../source4/torture/smbtorture.c:95
    #17 0x559a72b516ef in run_matching ../../source4/torture/smbtorture.c:105
    #18 0x559a72b516ef in run_matching ../../source4/torture/smbtorture.c:105
    #19 0x559a72b523ef in torture_run_named_tests ../../source4/torture/smbtorture.c:172
    #20 0x559a72b563eb in main ../../source4/torture/smbtorture.c:750
    #21 0x7fdaea42c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #22 0x7fdaea42c678 in __libc_start_main_impl ../csu/libc-start.c:381
    #23 0x559a72755824 in _start ../sysdeps/x86_64/start.S:115

Address 0x7fff494dd900 is located in stack of thread T0 at offset 32 in frame
    #0 0x559a7297b111 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2090

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index dd0d4587903..6e52515ef23 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -2088,6 +2088,7 @@ static bool test_devmode_set_level(struct torture_context *tctx,
 				   uint32_t level,
 				   struct spoolss_DeviceMode *devmode)
 {
+	struct spoolss_SetPrinterInfo8 info8;
 	struct spoolss_SetPrinterInfoCtr info_ctr;
 	struct spoolss_DevmodeContainer devmode_ctr;
 	struct sec_desc_buf secdesc_ctr;
@@ -2108,8 +2109,6 @@ static bool test_devmode_set_level(struct torture_context *tctx,
 		break;
 	}
 	case 8: {
-		struct spoolss_SetPrinterInfo8 info8;
-
 		info8.devmode_ptr = 0;
 
 		info_ctr.level = 8;