On Tue, 23 Dec 2025 at 21:46, Martin Simmons <[email protected]> wrote: > Note that value=0xaaaaaaaaaaaaaaaa, which is a pattern glibc puts in freed > memory, so looks like a use-after-free bug. This is the value of user->host() > at the end of handle_UA_client_request, but its not clear how that would be > freed.
Hello Everybody, I can be wrong but for me it looks like a possible problem in bvsnprintf() function. In this output: #4 0x00007ff005024d59 in fmtstr (buffer=buffer@entry=0x7fefcc00f890 "Disconnection from 226.144.140:9101", currlen=currlen@entry=19, maxlen=maxlen@entry=512, value=0xaaaaaaaaaaaaaaaa <error: Cannot access memory at address 0xaaaaaaaaaaaaaaaa>, flags=0, min=0, max=512) at /usr/src/debug/bacula-15.0.3-3.el9.x86_64/src/lib/bsnprintf.c:462 #5 0x00007ff005025995 in bvsnprintf (buffer=buffer@entry=0x7fefcc00f890 "Disconnection from 226.144.140:9101", maxlen=512, format=<optimized out>, format@entry=0x55b590a39128 "Disconnection from %s:%d", args=args@entry=0x7fefe9ffab10) at /usr/src/debug/bacula-15.0.3-3.el9.x86_64/src/lib/bsnprintf.c:362 the IP address looks to be incomplete (3 octets): "Disconnection from 226.144.140:9101". The currlen=currlen@entry=19 indicates to position 19 which is the start position of the IP address: "Disconnection from " Maybe something happened here... I am curious what is the problem :-) and if this is the right path (I am not a C programmer). Best regards, Marcin Haba (gani) _______________________________________________ Bacula-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-users
