From cd7c57c85d9f3f6c27f28c120269f67e6d1ee45f Mon Sep 17 00:00:00 2001 
From: Noel Power Date: Mon, 18 Apr 2016 18:42:57 +0100 Subject: [PATCH] s4:torture:raw: fix 'Invalid read of size 1 & Conditional jump or move' errors. smbtorture test raw.offline.offline generates the following valgrind trace(s). ==5130== at 0x2223AF: loadfile_callback (offline.c:107) ==5130== by 0x5AF73E6: loadfile_handler (loadfile.c:208) ==5130== by 0x5ADFEE0: smbcli_request_done (clitransport.c:395) ==5130== by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0x223A16: torture_test_offline (offline.c:493) ==5130== by 0x9553F62: wrap_simple_test (torture.c:632) ==5130== by 0x955368F: internal_torture_run_test (torture.c:442) ==5130== by 0x9553A6B: torture_run_test_restricted (torture.c:542) ==5130== by 0x260121: run_matching (smbtorture.c:110) ==5130== by 0x25FFE3: run_matching (smbtorture.c:95) ==5130== by 0x260242: torture_run_named_tests (smbtorture.c:143) ==5130== by 0x261EC1: main (smbtorture.c:665) ==5130== Address 0x188b80d0 is 96 bytes inside a block of size 8,288 free'd ==5130== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5130== by 0xF4673A3: ??? (in /usr/lib64/libtalloc.so.2.1.5) ==5130== by 0xF460E42: _talloc_free (in /usr/lib64/libtalloc.so.2.1.5) ==5130== by 0x5AF7635: smb_composite_loadfile_recv (loadfile.c:278) ==5130== by 0x2222F7: loadfile_callback (offline.c:91) ==5130== by 0x5AF73E6: loadfile_handler (loadfile.c:208) ==5130== by 0x5ADFEE0: smbcli_request_done (clitransport.c:395) ==5130== by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0xF6765F6: ??? 
(in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26) ==5130== by 0x223A16: torture_test_offline (offline.c:493) ==5130== by 0x9553F62: wrap_simple_test (torture.c:632) ==5130== by 0x955368F: internal_torture_run_test (torture.c:442) ==5130== by 0x9553A6B: torture_run_test_restricted (torture.c:542) ==5130== by 0x260121: run_matching (smbtorture.c:110) ==5130== by 0x25FFE3: run_matching (smbtorture.c:95) ==5130== by 0x260242: torture_run_named_tests (smbtorture.c:143) ==5130== by 0x261EC1: main (smbtorture.c:665) ==5130== AND ==5428== Conditional jump or move depends on uninitialised value(s) ==5428== at 0x22270E: getoffline_callback (offline.c:197) ==5428== by 0x5ADFEE0: smbcli_request_done (clitransport.c:395) ==5428== by 0xF676EEE: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.26) ==5428== by 0xF677EF9: ??? (in /usr/lib64/libtevent.so.0.9.26) ==5428== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26) ==5428== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26) ==5428== by 0x223A1B: torture_test_offline (offline.c:494) ==5428== by 0x9553F62: wrap_simple_test (torture.c:632) ==5428== by 0x955368F: internal_torture_run_test (torture.c:442) ==5428== by 0x9553A6B: torture_run_test_restricted (torture.c:542) ==5428== by 0x260126: run_matching (smbtorture.c:110) ==5428== by 0x25FFE8: run_matching (smbtorture.c:95) ==5428== by 0x260247: torture_run_named_tests (smbtorture.c:143) ==5428== by 0x261EC6: main (smbtorture.c:665) ==5428== Signed-off-by: Noel Power Reviewed-by: Volker Lendecke Reviewed-by: Andreas Schneider --- source4/torture/raw/offline.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source4/torture/raw/offline.c b/source4/torture/raw/offline.c index 85b1235ff6d..9391b09ab3b 100644 --- a/source4/torture/raw/offline.c +++ b/source4/torture/raw/offline.c 
@@ -93,6 +93,7 @@ static void loadfile_callback(struct composite_context *ctx) printf("Failed to read file '%s' - %s\n", state->loadfile->in.fname, nt_errstr(status)); test_failed++; + return; } /* check the data is correct */ @@ -184,6 +185,8 @@ static void getoffline_callback(struct smbcli_request *req) NTSTATUS status; union smb_fileinfo io; + ZERO_STRUCT(io); + io.getattr.level = RAW_FILEINFO_GETATTR; status = smb_raw_pathinfo_recv(req, state->mem_ctx, &io); -- 2.47.3
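Review bot: The added `return;` in the loadfile_callback hunk exits before everything that follows the data check, and that tail lies outside the hunk, so it is not visible whether the failure path now skips releasing `state->loadfile` or starting the next operation for this state. If it does, the failing client stops issuing requests without notice and its request stays allocated until the parent context is freed; confirm that this is intended, or do the cleanup before returning. The return also deserves a comment recording why it is needed, for example `/* on failure smb_composite_loadfile_recv() has already freed the memory the check below reads */`, which is what the valgrind trace in the commit message shows.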
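Review bot: `ZERO_STRUCT(io);` in the getoffline_callback hunk makes the value tested at offline.c:197 defined, but if that read is reached after `smb_raw_pathinfo_recv` has failed, the callback still evaluates attributes the server never returned, now as zeros. The status handling is outside the hunk, so this is inferred; if the failure branch only logs and increments `test_failed`, it needs the same early `return;` that this commit adds to loadfile_callback. If falling through is deliberate, a comment such as `/* io is read below even when the recv fails; keep it defined */` would explain the zeroing.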