Contributed by sean on Thu May 8 19:20:09 2008 (GMT)
from the and-another-bug-bites-the-dust dept.
Some bugs are so ornery that they remain hidden for a very long time.
There are some that happen in such weird edge cases that they go unexposed and are very hard to repeat.
Marc Balmer (mbalmer@) investigated a bug that was exposed by Samba. The bug is a corner case in the lifetime of a directory listing: it seems that iterating through a directory (as provided by seekdir()/readdir()) can return invalid results when the directory is modified (specifically, when items are removed) during the iteration.
On his personal blog, Marc explains the bug (and the solution) in more detail and notes that it has existed for far longer than OpenBSD has been around. I'm personally convinced I've seen this issue on some really high-traffic OpenBSD and FreeBSD file servers but, being a relative Luddite, blamed it on Samba (of which I'm not a huge fan but tolerate out of necessity).
Congratulations, Marc, on finding and squashing this beast.
As well, the other postings on his blog are equally good reading.